[strongSwan] Strongswan responds to scan attack
Naveen Neelakanta
naveen.b.neelakanta at gmail.com
Wed Dec 5 20:57:30 CET 2018
Thanks Tobias
The vulnerability is : ISAKMP endpoint allows short key lengths or insecure
encryption algorithms to be negotiated. This could allow remote attackers
to compromise the confidentiality and integrity of the data by decrypting
and modifying individual ESP and AH packets.
Thanks,
Naveen
On Wed, Dec 5, 2018 at 3:03 AM Tobias Brunner <tobias at strongswan.org> wrote:
> Hi Naveen,
>
> > Is there a configuration to avoid strongswan from responding
> > to unsolicited request from scans, even when strongswan is not
> > configured with an endpoint configuration,
>
> What kind of request is sent, what kind response? And what exactly
> makes a request unsolicited?
>
> Anyway, there is the charon.initiator_only option to ignore any initial
> IKE messages.
>
> Regards,
> Tobias
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20181205/1c7ebeaa/attachment.html>
More information about the Users
mailing list