ipsec – WindowsTechs.com

What attacks can be performed by changing header of IP packet if I apply only ESPv2 of IPsec(so not providing intergrity for the IP header)

Posted on April 15, 2024 by AllExJ

For ESPv2 I’m referring to this: https://datatracker.ietf.org/doc/html/rfc2406 so the version which supports of course confidentiality, but also authentication ONLY FOR THE PAYLOAD, NOT of the IP header.
My professor warns against using ES… Continue reading What attacks can be performed by changing header of IP packet if I apply only ESPv2 of IPsec(so not providing intergrity for the IP header)→

IPSec in tunnel model with AH&ESP: position of original IP header?

Posted on April 5, 2024 by LeWaldm

I am studying IPSec in tunnel mode when first applying ESP and then AH and am wondering about the position of the original IP header. I see two options:

IP header (crypto), AH header, ESP header, IP header (comm), …
IP header (crypto), … Continue reading IPSec in tunnel model with AH&ESP: position of original IP header?→

What attacks can be performed by changing header of IP packet if I apply only ESPv2(so confidentiality and integrity of payload(no header integrity))?

Posted on February 17, 2024 by AllExJ

What attacks can occur by altering the IP packet header with only ESPv2 (so having ONLY payload confidentiality&integrity but NOT integrity)?
My professor warns against using ESPv2 without header integrity due to potential header manip… Continue reading What attacks can be performed by changing header of IP packet if I apply only ESPv2(so confidentiality and integrity of payload(no header integrity))?→

Why does IPsec use tunnel-mode for an external laptop? Could transport-mode be used? Why can’t a gateway control access in transport-mode?

Posted on February 15, 2024 by AllExJ

In an IPsec Secure gateway setup, why is tunnel-mode used when an external laptop wants to access an internal service protected by a firewall? Is tunnel-mode necessary or could transport-mode be used instead? Why can’t a gateway perform ac… Continue reading Why does IPsec use tunnel-mode for an external laptop? Could transport-mode be used? Why can’t a gateway control access in transport-mode?→

What if in IPsec I have confidentiality BUT NOT integrity? What are the dangers?

Posted on February 15, 2024 by AllExJ

ESP in IPsec v2 only provides integrity of the payload, not of the header. So my question is about that. The possible dangers in not having integrity of header, while having ESP active for payload.
What are the potential risks if an attack… Continue reading What if in IPsec I have confidentiality BUT NOT integrity? What are the dangers?→

W-Firewall blocks Port 135 if using IPsec Kerberos V5 User Authentication

Posted on November 3, 2023 by Proxolin

i am about to implement IPsec to achive a zero trust environment, in order to do so i am using the Windows Firewall with IPsec Rules (Allow the Connection if it is secure).

Everything works fine, but as soon as i add an user to "Remo… Continue reading W-Firewall blocks Port 135 if using IPsec Kerberos V5 User Authentication→

Shouldn’t IPsec be an application layer protocol since it is "over UDP"?

Posted on July 4, 2023 by SamTest

I am reading about IPsec and am confused of what exactly is "IPsec", is it a network layer protocol, or is it a technology that uses involves multiple protocols? All web searches tell me IPsec is a "protocol" that runs … Continue reading Shouldn’t IPsec be an application layer protocol since it is "over UDP"?→

iptables shows that esp line is not used while packages are correctly processed

Posted on June 9, 2023 by Kobodjo

I setup an IPsec ESP connection between a test laptop and an embedded device, in transport mode.
Below, i show the iptables of the embedded device.
As the rules indicate, icmp traffic is allowed, and when I do a ping from my test laptop to… Continue reading iptables shows that esp line is not used while packages are correctly processed→

Since IPSec works on Layer 3 (Network), does that mean it also provides protection for all the higher layers?

Posted on June 1, 2023 by skigoggles

From my understanding, data moves from OSI Layer 7 down to Layer 1 when its being prepared to get sent. On each layer, data gets encapsulated within the data of the layer below it. Ex: A Layer 3 IP packet is encapsulated within a Layer 2 e… Continue reading Since IPSec works on Layer 3 (Network), does that mean it also provides protection for all the higher layers?→

Do IKEv2 ESP proposals really require a unquie SPI per proposal?

Posted on May 4, 2023 by Mecki

When one peer is trying to negotiate an ESP SA, it sends a security association (SA) payload to the other peer. This SA payload must contain at least one proposal, suggesting at least one encryption and one integrity transform to use. It m… Continue reading Do IKEv2 ESP proposals really require a unquie SPI per proposal?→