Re: [strongSwan] Strongswan responds to scan attack

2018-12-06 Thread Tobias Brunner
Hi Naveen,

> The vulnerability is: ISAKMP endpoint allows short key lengths or
> insecure encryption algorithms to be negotiated. This could allow remote
> attackers to compromise the confidentiality and integrity of the data by
> decrypting and modifying individual ESP and AH packets. 

I don't understand what exactly you are referring to.  How is the above
related to responding to unsolicited IKE requests?

Regards,
Tobias



Re: [strongSwan] Strongswan responds to scan attack

2018-12-05 Thread Naveen Neelakanta
Thanks Tobias

The vulnerability is: ISAKMP endpoint allows short key lengths or insecure
encryption algorithms to be negotiated. This could allow remote attackers
to compromise the confidentiality and integrity of the data by decrypting
and modifying individual ESP and AH packets.

Thanks,
Naveen


On Wed, Dec 5, 2018 at 3:03 AM Tobias Brunner wrote:

> Hi Naveen,
>
> > Is there a configuration to avoid strongswan from responding
> > to unsolicited requests from scans, even when strongswan is not
> > configured with an endpoint configuration?
>
> What kind of request is sent, what kind of response?  And what exactly
> makes a request unsolicited?
>
> Anyway, there is the charon.initiator_only option to ignore any initial
> IKE messages.
>
> Regards,
> Tobias
>


Re: [strongSwan] Strongswan responds to scan attack

2018-12-05 Thread Tobias Brunner
Hi Naveen,

> Is there a configuration to avoid strongswan from responding
> to unsolicited requests from scans, even when strongswan is not
> configured with an endpoint configuration?

What kind of request is sent, what kind of response?  And what exactly
makes a request unsolicited?

Anyway, there is the charon.initiator_only option to ignore any initial
IKE messages.

Regards,
Tobias
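
Added example (not part of the thread and not strongSwan project code): a Python check that a strongswan.conf text really sets the charon.initiator_only option mentioned above to a true value in the charon section, so a commented-out or misplaced setting is caught before the next scan. The parser, function names and sample configurations are assumptions constructed for this example; it expects one statement per line and does not follow include lines.

```python
# Added example: audit strongswan.conf text for charon.initiator_only.
TRUE_VALUES = {"yes", "true", "enabled", "1"}  # boolean spellings strongSwan accepts

def parse_conf(text):
    """Parse strongswan.conf-style text into nested dicts of string values.

    Simplification (assumption): one statement per line; include lines are
    skipped, not followed, so audit each included file separately.
    """
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("include "):
            continue
        if line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            stack[-1][key] = value.strip('"')
        else:
            raise ValueError(f"unrecognised line: {line!r}")
    if len(stack) != 1:
        raise ValueError("unclosed section")
    return root

def responder_disabled(text):
    """True only if charon.initiator_only is set to a true value."""
    value = parse_conf(text).get("charon", {}).get("initiator_only")
    return isinstance(value, str) and value.lower() in TRUE_VALUES

# Constructed sample inputs (not taken from the thread).
DEFAULT = "charon {\n    # initiator_only = no\n    load_modular = yes\n}\n"
HARDENED = "charon {\n    initiator_only = yes  # ignore initial IKE messages\n}\n"
MISPLACED = "charon {\n    plugins {\n        initiator_only = yes\n    }\n}\n"

if __name__ == "__main__":
    for name, conf in [("default", DEFAULT), ("hardened", HARDENED),
                       ("misplaced", MISPLACED)]:
        print(name, "responder disabled:", responder_disabled(conf))
```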


[strongSwan] Strongswan responds to scan attack

2018-12-04 Thread Naveen Neelakanta
Hi

Is there a configuration to avoid strongswan from responding to
unsolicited requests from scans, even when strongswan is not configured
with an endpoint configuration?

This was detected with PCI auditing tools

Thanks,
Naveen