
Re: Protection of port 500



At 12:37 AM -0800 1/15/01, Jason R Thorpe wrote:

> On Sun, Jan 14, 2001 at 09:09:12PM -0800, Pervaiz Rizvi wrote:
>
> > Since IPsec uses UDP500 for key exchange,
> > how does it know to ignore configurations
> > that seek to protect udp/500 with IPsec?
> > If this were allowed, presumably the IPsec
> > stack would go into an unterminating recursion.
>
> Presumably the IKE daemon would change the policy for the
> communication endpoints it is using.

An IPsec implementation may originate and terminate its own
management traffic (e.g., IKE, SNMP, ICMP, etc.)
irrespective of the SPD and SAD entries used to manage subscriber traffic.


Steve
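As an added illustration of the two answers above (not part of the thread, and not taken from any project's shipped configuration), here is what the "exclude IKE from the protect policy" arrangement looks like when it is expressed statically in the SPD rather than, or in addition to, a per-socket bypass installed by the IKE daemon. The syntax is setkey(8) as used on KAME-derived stacks such as NetBSD; the addresses 192.0.2.1 (this host) and 192.0.2.2 (the peer) are placeholders.

```conf
# Added example, not from the original message: setkey(8) SPD fragment.
# Host 192.0.2.1 is "us", 192.0.2.2 is the peer (placeholder addresses).

# 1. Explicit bypass for IKE itself, in both directions. Policy "none"
#    means the packet is sent/accepted without IPsec processing. IKE
#    protects its own payloads, so the kernel must not try to wrap it in
#    ESP; attempting to do so is exactly what would trigger the
#    recursion Pervaiz describes (protect udp/500 -> need SA -> run IKE
#    on udp/500 -> protect udp/500 -> ...).
spdadd 192.0.2.1[500] 192.0.2.2[500] udp -P out none;
spdadd 192.0.2.2[500] 192.0.2.1[500] udp -P in  none;

# 2. All other traffic between the two hosts requires ESP in transport
#    mode. A packet that matches this entry with no SA in the SAD raises
#    an acquire to the IKE daemon; the daemon's negotiation traffic is
#    udp/500 and therefore matches entry 1, not entry 2.
spdadd 192.0.2.1 192.0.2.2 any -P out ipsec esp/transport//require;
spdadd 192.0.2.2 192.0.2.1 any -P in  ipsec esp/transport//require;
```

Load it with `setkey -f <file>` (or `setkey -c` on standard input) and inspect the result with `setkey -DP`. The bypass entries are listed before the catch-all so that the more specific match wins the SPD lookup. Note that this only bypasses udp/500 between the two configured peers; IKE from any other source still falls through to whatever default the SPD ends with, and the "none" entries deliberately do not protect the key-exchange packets, since that is IKE's own job.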
