<div dir="ltr">Thanks Tobias<div><br></div><div>The vulnerability is: ISAKMP endpoint allows short key lengths or insecure encryption algorithms to be negotiated. This could allow remote attackers to compromise the confidentiality and integrity of the data by decrypting and modifying individual ESP and AH packets. </div><div><br></div><div>Thanks,</div><div>Naveen</div><div> </div></div><br><div class="gmail_quote"><div dir="ltr">On Wed, Dec 5, 2018 at 3:03 AM Tobias Brunner <<a href="mailto:tobias@strongswan.org">tobias@strongswan.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Naveen,<br>
<br>
> Is there a configuration to avoid strongswan from responding<br>
> to unsolicited request from scans, even when strongswan is not<br>
> configured with an endpoint configuration, <br>
<br>
What kind of request is sent, what kind of response? And what exactly<br>
makes a request unsolicited?<br>
<br>
Anyway, there is the charon.initiator_only option to ignore any initial<br>
IKE messages.<br>
<br>
Regards,<br>
Tobias<br>
</blockquote></div>