[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: inbound vs outbound?

To: <ipsec@lists.tislabs.com>, "Scott Fluhrer" <sfluhrer@cisco.com>
Subject: Re: inbound vs outbound?
From: "mahdavi" <mahdavi@sepahan.iut.ac.ir>
Date: Wed, 4 Jul 2001 03:35:12 +0430
References: <200109041511.AAL68817@mira-sjcm-3.cisco.com>
Sender: owner-ipsec@lists.tislabs.com

Hi.

> That is not correct.  Again, RFC2401 states "The SPD must be consulted
> during the processing of all traffic (INBOUND and OUTBOUND), including
> non-IPsec traffic."

I did not said that I dont consult SPD. I just said

"every packet is outbound else it destined to my machine in tunnel mode.
after inbound process on such a packet I have to process it as outbound"

so you can see that I consult SPD in outbound process.

> Here is an attack that can happen if you don't follow this rule.  Suppose
> that there is a packet that the attacker wants to inject into the system.
> It might be, for example, a UDP packet that kicks off an RPC procedure on
> the target system.  Since the attacker has access only to an section of
> the cloud where all such packets are IPSec protected, he shouldn't be
> able to do so.  However, with your proposed method, all the attacker
> would have to do is inject the packet in the clear.  When this packet
> hits the security gateway, he'll see that it didn't have the router as
> the destination, and hence just forward it on, and hence, the attacker
> has won.
>

Oooooh. you R wrong with my opinion.

I just said

"every packet is outbound else it destined to my machine in tunnel mode.
after inbound process on such a packet I have to process it as outbound"

you can see that any packet will go under outbound IPsec operation according
to my opinion.

so you attacker cant win me .

ok ?

am I right ?

It is better for me to redefine my sentence as follows.

look at below figure.


----------------\
                |     ______________
------------    |    /
           |    |    |
        ___|____|____|____
       /                  \
       |                __________
       |   ROUTER      /          \
-------|               |          |
       |               |  IPSEC   |
       |               |          |
       |               |  system  |
-------|               |          |
       |               |          |
       |               |          |
       |               \__________/
       |                  |
       \__________________/
          |    |    |
          |    |    |
----------/    |    |
               |    \________
               |


it has many interfaces but there is no relation between interfaces and IPsec
system.
router work in this manner that gives every packet that is comming on any
interface to IPsec.
IPsec system will act on it then it generates new packet and gives it back
to the router.
then router will continue his work.

best regards

mahdavi

Follow-Ups:

Re: inbound vs outbound?

From: Scott Fluhrer <sfluhrer@cisco.com>

References:

Re: inbound vs outbound?

From: Scott Fluhrer <sfluhrer@cisco.com>

Prev by Date: Re: inbound vs outbound?
Next by Date: Re: inbound vs outbound?
Prev by thread: Re: inbound vs outbound?
Next by thread: Re: inbound vs outbound?
Index(es):
- Main
- Thread