Cisco VPN devices may be subject to DoS attacks

The Cisco VPN 3000 Series Concentrator is at risk of denial of service (DoS) attacks because of a security flaw in the protocol the device uses to establish connections.

The flaw lies in the Internet Key Exchange (IKE) protocol, which is used to set up IPsec VPN access. It could allow an attacker to take down a Cisco VPN 3000 Series Concentrator by "flooding" the device with large numbers of IKE connection requests, leaving it unable to process legitimate network traffic.

Security researcher Roy Hills of the security research firm NTA Monitor was the first to discover the flaw, and he officially published his findings on the Full Disclosure mailing list yesterday (July 26).

An attacker does not need login credentials to exploit the flaw, because it arises before the authentication stage, Hills said. Intrusion detection and prevention systems offer no protection either, because the IKE connection request packets used in the attack are entirely legitimate and contain no malicious code.

The Cisco VPN 3000 Series Concentrator is a product designed specifically for enterprise virtual private network deployments. The device can support 200 to 10,000 simultaneous remote IPsec connections.

In an advisory issued yesterday, the Cisco Product Security Incident Response Team (PSIRT) said the flaw affects only version 1 of the IKE protocol and is not a flaw in the manufacturer's hardware. Other Cisco products that implement IKE version 1, such as the Adaptive Security Appliance (ASA), the PIX Firewall and Cisco Internetworking Operating System (IOS), are also affected.

Customers using the affected products can protect themselves by applying Call Admission Control (CAC) to IKE. This limits the number of simultaneous IKE negotiations the device will accept, so that a burst of connection requests cannot flood it.
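As an added illustration (not taken from the Cisco advisory or from the original article), the following shows what applying IKE Call Admission Control looks like on a Cisco IOS router, one of the affected platforms named above; the numeric limits are example values that an operator would tune to the device's capacity, and the VPN 3000 Concentrator's own CAC settings are configured differently and are not shown here.

```cisco
! Before: no IKE call admission control. Every incoming IKE v1 request
! starts a negotiation and holds state until it completes or times out,
! so a flood of legitimate-looking requests can exhaust the device.
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2

! After: IKE Call Admission Control (IOS feature; limits below are example values).
! Cap the number of IKE SAs that may be in negotiation (half-open) at once.
! Requests beyond this are dropped before they consume further resources.
crypto call admission limit ike in-negotiation-sa 40

! Cap the total number of established IKE SAs the device will hold.
crypto call admission limit ike sa 500

! Global CPU-based admission threshold: stop accepting new IKE negotiations
! once average CPU utilisation exceeds this percentage, so existing tunnels
! keep being serviced under load.
call admission limit 80

! Verify the counters after the change; rising "rejected" counts during an
! unexplained burst of IKE requests are a useful detection signal.
show crypto call admission statistics
```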

Cisco will continue to study the flaw in order to reduce its impact, but a patch will be very hard to release, Mike Caudill, PSIRT managing director, confirmed.

"This is a very difficult security fix because it is a security flaw in the protocol. This is a widely used protocol, not just in Cisco products," Caudill said.

Hoang Dung