[strongSwan] IKEv1: Is DoS attack possible?

Владимир Подобаев vpodobaev at mail.ru
Thu Feb 16 15:23:50 CET 2012


Hello.

Assume I use Pluto with right=%any.
Is a DoS attack possible by state flooding?
For example -  bot-net attackers start trying to connect many times (with different cookies). And will this lead to the dramatic growth of Pluto state chains?
Will this overflow Pluto's memory? Or is there any limit of number of states? Or maybe there is some other protecting mechanism? 

Thank you!

Best regards, Vladimir

   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120216/d726888d/attachment.html>


More information about the Users mailing list