
Re: inbound Spd lookup for IPsec packets.



Amal,

If we fail to check the inbound packet header against the selectors after
IPsec processing, then anyone who is authorized to connect to an IPsec site
can masquerade as any other connected user, and they can send traffic not
authorized by the negotiation carried out by IKE.  This can happen for both
transport and tunnel mode SAs, although it is potentially more serious for
the latter as there are more opportunities to deviate from the SA profile.

Steve
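
The check described in the message above, sketched as an added example that is not part of the original e-mail or of any particular IPsec implementation: after decapsulation, the inner header is compared against the selectors of the SA the packet actually arrived on. The struct layout, the SPIs and the addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define IP(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))

/* Selectors negotiated for one SA (IPv4 only; layout is an assumption). */
struct selector {
    uint32_t src_net, src_mask;   /* permitted inner source range */
    uint32_t dst_net, dst_mask;   /* permitted inner destination range */
    uint8_t  proto;               /* 0 = any protocol */
    uint16_t dport;               /* 0 = any destination port */
};
struct sa { uint32_t spi; struct selector sel; };

/* Constructed SAD: two remote users, each with its own tunnel-mode SA. */
static const struct sa sad[] = {
    { 0x1001, { IP(10,1,0,5), 0xffffffffu, IP(192,168,10,0), 0xffffff00u, 6, 443 } },
    { 0x1002, { IP(10,1,0,9), 0xffffffffu, IP(192,168,20,0), 0xffffff00u, 0, 0 } },
};

/* Run after decryption/decapsulation, on the inner header fields.
 * Returns 1 only if the packet stays within the selectors of the SA
 * (identified by SPI) it actually arrived on; 0 means drop. */
int inbound_selector_check(uint32_t spi, uint32_t src, uint32_t dst,
                           uint8_t proto, uint16_t dport) {
    const struct selector *s = NULL;
    for (size_t i = 0; i < sizeof sad / sizeof sad[0]; i++)
        if (sad[i].spi == spi) s = &sad[i].sel;
    if (s == NULL) return 0;                          /* unknown SPI */
    if ((src & s->src_mask) != s->src_net) return 0;  /* source outside SA */
    if ((dst & s->dst_mask) != s->dst_net) return 0;  /* destination outside SA */
    if (s->proto && proto != s->proto) return 0;      /* protocol not negotiated */
    if (s->dport && dport != s->dport) return 0;      /* port not negotiated */
    return 1;
}

int main(void) {
    /* User 1 on its own SA, within its selectors: accepted. */
    printf("%d\n", inbound_selector_check(0x1001, IP(10,1,0,5), IP(192,168,10,7), 6, 443));
    /* User 2's SA carrying user 1's source address: dropped. */
    printf("%d\n", inbound_selector_check(0x1002, IP(10,1,0,5), IP(192,168,20,7), 6, 443));
    /* User 1's SA used for a destination it never negotiated: dropped. */
    printf("%d\n", inbound_selector_check(0x1001, IP(10,1,0,5), IP(192,168,20,7), 6, 443));
    return 0;
}
```

Both dropped packets authenticate and decrypt correctly on their SA; only the selector comparison rejects them.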

