[ previous ] [ next ] [ threads ]
 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Vulnerabilities in IPSEC using ESP
 Date:  Wed, 18 May 2005 02:13:13 -0400
On 5/13/05, William Fulton <wfulton at thirdhatch dot com> wrote:
> Folks,
> I would recommend this as a good read.  Can anyone tell me if m0n0wall
> is vulnerable to this problem using aggressive mode?
> http://www.niscc.gov.uk/niscc/docs/al-20050509-00386.html?lang=en

From what I've looked at (and I've dug and dug), it doesn't appear
m0n0wall is affected because it doesn't allow you to setup the types
of connections that are vulnerable.  Manuel agrees, but neither of us
have really found anything completely conclusive.

Part of an email from Manuel to me explains it very well:
ESP is only affected when used without integrity
protection, i.e. without a hash algorithm. m0n0wall doesn't even
allow that configuration (you need to select at least one encryption
and one hash algorithm), even though it's possible to use setkey to
define an SA with encryption only and no hashing (I've never heard of
anyone doing that though). So I wouldn't judge the severity of that
issue to be that high, since anybody who's in their right state of
mind wouldn't use ESP with encryption only (I think that like
m0n0wall, most commercial products won't even let you do it).

AH alone doesn't seem to be affected; the way I interpret it is that
the advisory merely says that using AH in transport mode tunneled
inside ESP won't make the problem go away, but that's another very
exotic configuration that m0n0wall doesn't even support.

If anybody finds anything to suggest differently, please let Manuel
and/or I know.