Word is, there is a flaw in IKEv1 that allows for an attacker to create IKE sessions faster than previous attempts expire. The security research firm who found the flaw only lists Cisco VPN devices as being vulnerable while Cisco maintains that the flaw is in the IKE protocol itself.

Research Firm:
http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html

Cisco's Response:
http://www.cisco.com/en/US/tech/tk583/tk372/tsd_technology_security_response09186a00806f33d4.html

I hesitate to trust Cisco's response fully, as the behavior sounds like something that to me would be implementation dependent. Is it legitimate to fear that this kind of attack could succeed against isakmpd(8) or other IKE implementations of other projects, for example? If so, what if any controls would be effective in defense?

-- 
Darren Spruell
Information Security Operations
Catholic Healthcare West IT
(602)307-2217
[EMAIL PROTECTED]