[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Daemon Recovery

To: "Suren Arockia S." <suren@teil.soft.net>
Subject: Re: Daemon Recovery
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
Date: Wed, 17 Sep 1997 14:01:13 -0400
Address: 1 Amherst St., Cambridge, MA 02139
Cc: ipsec@tis.com
In-Reply-To: suren@teil.soft.net's message of Wed, 17 Sep 1997 09:03:49 +0000,<341F9CF5.15FB7483@teil.soft.net>
Phone: (617) 253-8091
Sender: owner-ipsec@ex.tis.com

   Date: Wed, 17 Sep 1997 09:03:49 +0000
   From: "Suren Arockia S." <suren@teil.soft.net>

   I have a problem for which I donot have a proper solution.
   After a complete negotiation between two ISAKMP peers (A and B),
   the peer B crashes. When B recovers, ip packets from A reach
   B with SPI values strange to B. Can someone suggest a method
   to stop A from sending packets using OLD SPI values.

Bill Simpson has proposed an unsecured ICMP message which tells host B
that a particular SPI is invalid.  Unfortunately, there are some obvious
and severe denial of service attacks one could accomplish with this
tack.

I could imagine either requiring that the ICMP message be secured in an
existing SPI from the same host.  A better solution might be to include
in the ISAKMP negotiations a notification that at the successful
conclusion of this SPI negotiation, all other SPI's for the same host
should be discarded.  What do other people think?

						- Ted

Follow-Ups:

Re: Daemon Recovery

From: Bill Sommerfeld <sommerfeld@apollo.hp.com>

Re: Daemon Recovery

From: Daniel Harkins <dharkins@cisco.com>

References:

Daemon Recovery

From: "Suren Arockia S." <suren@teil.soft.net>

Prev by Date: Re: Which comes first?
Next by Date: RE: Daemon Recovery
Prev by thread: Daemon Recovery
Next by thread: Re: Daemon Recovery
Index(es):
- Main
- Thread