The presentation is at http://www.io.com/~mdfranz/papers/howsecure.ppt and the last dozen or so slides deal with potential IKE security issues. I don't think the 12 byte issue was in the prezo, but similar malformed IKE/AH/ESP messages can be generated with udpsic and isic.
- mdf > While I don't remember if it included tools, there was a paper on > pen-testing an IPSEC gateway at the Cansecwest conference 2 years ago. The > gist of it was that it is possible to cause a (defeatable) denial of service > in the first 12 bytes of an initial connection it was otherwise pretty > secure. That of course doesn't necessarily go for the management web interface > on the VPN gateway (there was also a paper on penetrating those at the same > conference). That should at least give you a place to start poking :-). > I believe the web site is www.cansecwest.com (google will find it in any case). > > Peter Van Epp / Operations and Technical Support > Simon Fraser University, Burnaby, B.C. Canada > > top spam and e-mail risk at the gateway. > SurfControl E-mail Filter puts the brakes on spam & viruses > and gives you the reports to prove it. See exactly how much > junk never even makes it in the door. Free 30-day trial: > http://www.securityfocus.com/SurfControl-pen-test top spam and e-mail risk at the gateway. SurfControl E-mail Filter puts the brakes on spam & viruses and gives you the reports to prove it. See exactly how much junk never even makes it in the door. Free 30-day trial: http://www.securityfocus.com/SurfControl-pen-test
