DoS attack on VPN 3000 concentrator

Oct 14th, 2009

Hi, I have received a log on my Cisco VPN 3000 concentrator stating:


L Internet Key Exchange (IKE) Phase-1 Denial of Service *Delinquent 2009-09-09 2009-10-09


Now what do I need to do to gather more information pertaining to this DoS attack, and how do I prevent it from occurring?


I would also appreciate any study material on these three types of VPN: C2S, S2S and SSH/SSL VPN.


Regards,

Uzair.

Ivan Martinon Wed, 10/28/2009 - 13:46
Cisco Employee

First, you have to be aware that the CVPN is kind of a legacy technology, and some of the vulnerabilities that IKE has presented in the past might be present on this box. The important part to cover here is to make sure that your box does not have a weak IKE policy enabled, which would include DES, MD5 and DH1; if this is an IKE policy that you have enabled, then make sure it is disabled, since it is easily breakable.

Unfortunately, there is no feature on the CVPN that will rate or prevent unknown IKE requests, but disabling these combinations might help.


As for the study materials, you can go ahead and read the user's guide for this box.
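The reply above says to check the concentrator's IKE phase-1 policies for DES, MD5 and DH group 1. The following script is an added example, not from the original thread or from Cisco: it audits a list of IKE phase-1 proposals and flags any enabled proposal that uses one of those three parameters. The `IkeProposal` records, the proposal names and the `SAMPLE_PROPOSALS` list are constructed for illustration and do not follow the VPN 3000 configuration syntax; you would populate them from your own exported policy list. As an assumption that goes beyond what the reply states, the script also marks 3DES, SHA-1 and DH group 2 as "legacy" rather than "weak", since they are widely deprecated today but were not the point of the reply.

```python
"""Audit IKE phase-1 proposals for the weak parameters named in the reply:
DES encryption, MD5 hashing and Diffie-Hellman group 1.

Constructed example; the proposal records below are not a VPN 3000 export.
"""
from dataclasses import dataclass

# Parameters the reply calls easily breakable: any one of these makes a
# proposal "weak".
WEAK_ENCRYPTION = {"DES"}
WEAK_HASH = {"MD5"}
WEAK_DH_GROUPS = {1}

# Assumption beyond the reply: these are not what it names, but they are
# deprecated today, so they are reported as "legacy" rather than "weak".
LEGACY_ENCRYPTION = {"3DES"}
LEGACY_HASH = {"SHA1"}
LEGACY_DH_GROUPS = {2}


@dataclass(frozen=True)
class IkeProposal:
    """One IKE phase-1 proposal as you would transcribe it from the policy list."""
    name: str
    encryption: str
    hash_alg: str
    dh_group: int
    enabled: bool


def rate_proposal(p):
    """Return ("weak" | "legacy" | "ok", reasons) for a single proposal.

    A proposal is "weak" if any component is in the weak sets; the reasons
    list names every weak component so the operator knows what to remove.
    """
    weak = []
    if p.encryption.upper() in WEAK_ENCRYPTION:
        weak.append("encryption " + p.encryption)
    if p.hash_alg.upper() in WEAK_HASH:
        weak.append("hash " + p.hash_alg)
    if p.dh_group in WEAK_DH_GROUPS:
        weak.append("DH group %d" % p.dh_group)
    if weak:
        return "weak", weak

    legacy = []
    if p.encryption.upper() in LEGACY_ENCRYPTION:
        legacy.append("encryption " + p.encryption)
    if p.hash_alg.upper() in LEGACY_HASH:
        legacy.append("hash " + p.hash_alg)
    if p.dh_group in LEGACY_DH_GROUPS:
        legacy.append("DH group %d" % p.dh_group)
    if legacy:
        return "legacy", legacy
    return "ok", []


def audit(proposals):
    """Map proposal name -> (rating, reasons) for enabled proposals only.

    Disabled proposals are skipped: a peer cannot negotiate them, so they do
    not widen the attack surface until someone re-enables them.
    """
    return {p.name: rate_proposal(p) for p in proposals if p.enabled}


def weak_enabled(proposals):
    """Names of enabled proposals that must be disabled per the reply."""
    return [name for name, (rating, _) in audit(proposals).items() if rating == "weak"]


# Constructed sample: names and parameters are hypothetical.
SAMPLE_PROPOSALS = [
    IkeProposal("IKE-DES-MD5", "DES", "MD5", 1, True),          # all three weak parameters
    IkeProposal("IKE-3DES-SHA", "3DES", "SHA1", 2, True),       # legacy only
    IkeProposal("IKE-AES128-SHA", "AES-128", "SHA1", 2, True),  # legacy hash and group
    IkeProposal("IKE-AES256-SHA256", "AES-256", "SHA256", 14, True),
    IkeProposal("IKE-DES-SHA", "DES", "SHA1", 2, False),        # weak but disabled
]


if __name__ == "__main__":
    for name, (rating, reasons) in audit(SAMPLE_PROPOSALS).items():
        print("%-18s %-7s %s" % (name, rating, ", ".join(reasons)))
    print("disable:", weak_enabled(SAMPLE_PROPOSALS))
```

Run against the sample, the script reports IKE-DES-MD5 as the only enabled proposal that must be disabled; IKE-DES-SHA is weak too, but it is already disabled and so does not appear in the audit. When you transcribe the real policy list, keep the disabled entries in the list anyway so that a later run catches them if they are ever turned back on.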
