
IPSec

IPSEC … Arp Poisoning … Replay Attack … Timestamp … IPSEC

Internet Protocol Security (IPSec)


IPSEC … IP … hosts … secure gateways … host … secure gateway … IPSEC
IP … TCP, UDP, ICMP, BGP

2 … Authentication Header (AH), Encapsulation Security Payload (ESP) … IPSec … IPSEC

- Authenticity (Man in the Middle)
- Secrecy

IPSec
www.DigitalWhisper.co.il
3, 2009

IP Authentication Header (AH)


AH … IPSEC … IP Encapsulating Security Payload (ESP) … AH … secure gateways … AH … ESP
IPv6: "Authentication Header" … "IPv6 Hop-by-Hop Header" … "IPv6 Destination Options"; IPv4: "Authentication Header" … "IPv4 header"
AH header fields (32-bit rows):

- Next Header
- Payload Length
- Reserved
- Security Parameters Index (SPI)
- Sequence Number Field
- Authentication Data (variable)

- "Next Header" … "Authentication Header"
- "Payload Length" … AH … 32 bit
- "SPI" … 32 bit … IP … AH
- "Sequence Number"
- "Authentication Data" … Integrity Check Value (ICV) … 2


IP Encapsulating Security Payload (ESP)


ESP … IPSec … IPv4, IPv6 … Payload data
ESP … 50 … IANA (Internet Assigned Numbers Authority) … IP … ICANN (Internet Corporation for Assigned Names and Numbers)
ESP packet fields (32-bit rows):

- Security Association Identifier (SAID)
- Sequence Number
- Payload Data (variable length)
- Padding (0-255 bytes)
- Pad Length
- Next Header
- Authentication Data (variable)

- "Security association identifier"
- "Payload Data"
- "Padding" … 2 … bytes; for example, with a 10-byte alignment a 97-byte payload takes 3 bytes of padding
- "Pad Length" … bytes
- "Next Header" … Payload Data


Internet Security Association and Key Management Protocol (ISAKMP)


IPSec … NSA … SA

ISAKMP header fields (32-bit rows):

- Initiator Cookie
- Responder Cookie
- Next Payload
- MjVer
- MnVer
- Exchange Type
- Flags
- Message ID
- Length

- "Initiator Cookie"
- "Responder Cookie" … SA
- "Next Payload"
- "MjVer" … ISAKMP
- "MnVer" … ISAKMP
- "Exchange Type"
- "Flags" … ISAKMP
- "Message ID"
- "Length"


Internet Key Exchange (IKE)


IKE … IPSEC SA … IPSEC … UDP 500
IKE … ISAKMP … OAKLEY … IPSEC SA
IKE … SA … SA
IKE … ISAKMP … keying material … ISAKMP SA … SA … IPSEC

IKE … Man in the middle, Denial of service
IKE … DH



IPSec

Denial of service Attack


IP spoofing … IKE … IP … IP header
IKE … IKE … DH
DoS … IKE (IP Spoofing) … IP … IP
Cookies … Cookie … IKE

MITM Attack Arp Poisoning


Arp … Physical Address … Destination Physical Address


Arp … MITM

Replay Attack
MITM … Timestamp … Timestamp


IPSec
