Common IPSec Attacks


Name Description Countermeasures
Replay Attack The attacker obtains a copy of an authenticated packet and then transmits it to the intended destination; this can disrupt services and cause other consequences. The Sequence Number field and Anti-replay Mechanism is used to prevent a Replay Attack. In an anti-replay mechanism, the MAC is checked whether the received packet falls within or to the right of the window. If the packet is not authenticated, it is then discarded. Using nonce in IKE key determination can also prevent replay attacks.
Traffic Analysis This occurs in transport mode ESP. Traffic Analysis is merely analyzing the traffic on transmitted packets. Tunnel mode ESP encrypts an entire IP packet, thus preventing traffic analysis.
Diffie-Hellman Algorithm: Man-in-the-middle Attack This occurs by impersonating a party that is communicating with another party by intercepting a public key and sending it back to the original two pairs for false authentication. Using IKE key determination will employ nonce, which prevents man-in-the-middle attacks.
Diffie-Hellman Algorithm: Clogging Attack This occurs when a user requests a large number of keys, thus forcing the system to spend too many resources to compute actual tasks effectively. Using IKE key determination will employ cookies that prevent clogging attacks.
Denial of Service Attacks These are attacks that destabilize the system or network’s ability to perform routine functions by jamming the system/network or abusing their resources. By utilizing the ICV field in ESP, replayed or bogus packets received before decrypting the packet is facilitated rapidly, as well as rejecting them when they are unauthorized.



Stallings, W. (2017). Network Security Essentials: Applications and Standards (Sixth). Pearson.

Categories: Security

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s