Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2043 |
Message | MISC isakmp login failed |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in the Internet Security Association and Key Management Protocol (ISAKMP). |
Impact | Unknown. |
Detailed Information | ISAKMP is a framework for authentication using cryptographic keys. It specifically defines the process of key exchange as opposed to the generation of a cryptographic key. ISAKMP also details the procedures for the required security associations in network security services. This event indicates that a key exchange using ISAKMP failed. |
Affected Systems | All systems using cryptographic key exchange as an authentication method. |
Attack Scenarios | The attacker may have a store of keys associated with valid users and may attempt to authenticate using a combination of username and key. |
Ease of Attack | Simple |
Corrective Action | Ensure that key exchanges are only allowed between trusted hosts. Check log files for disallowed login attempts. |
Additional References | ISAKMP: http://www.networksorcery.com/enp/protocol/isakmp.htm; RFC: http://www.ietf.org/rfc/rfc2407.txt, http://www.ietf.org/rfc/rfc2408.txt; IANA: http://www.iana.org/assignments/isakmp-registry |
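
For the "check log files" step, captured UDP payloads can be triaged offline. The following is an added example, not the Snort rule itself or Aanval code: it parses the ISAKMP header and payload chain defined in RFC 2408 and reports AUTHENTICATION-FAILED notifications. It assumes the failure is visible as an unencrypted Notification payload of type 24; `find_auth_failed` and `build_sample` are hypothetical names, and the sample datagram is constructed.

```python
import struct

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # RFC 2408 section 3.1: 28-byte header
NOTIFY_HDR = struct.Struct("!BBHIBBH")     # RFC 2408 section 3.14: fixed 12 bytes
PAYLOAD_NOTIFICATION = 11                  # next-payload value for Notification
NOTIFY_AUTHENTICATION_FAILED = 24          # notify message type, RFC 2408 3.14.1
FLAG_ENCRYPTED = 0x01                      # header flags, encryption bit


def find_auth_failed(datagram):
    """Return one dict per AUTHENTICATION-FAILED notification in an ISAKMP message."""
    if len(datagram) < ISAKMP_HDR.size:
        return []
    icookie, _rcookie, next_payload, _ver, exch, flags, _mid, length = \
        ISAKMP_HDR.unpack_from(datagram)
    # An encrypted body cannot be inspected; an inconsistent length means a
    # truncated or malformed message, so nothing is reported in either case.
    if flags & FLAG_ENCRYPTED or not ISAKMP_HDR.size <= length <= len(datagram):
        return []
    hits, offset = [], ISAKMP_HDR.size
    while next_payload != 0 and offset + 4 <= length:
        following, _reserved, plen = struct.unpack_from("!BBH", datagram, offset)
        if plen < 4 or offset + plen > length:
            break  # payload claims more bytes than the message holds
        if next_payload == PAYLOAD_NOTIFICATION and plen >= NOTIFY_HDR.size:
            _, _, _, doi, proto, _spi, ntype = NOTIFY_HDR.unpack_from(datagram, offset)
            if ntype == NOTIFY_AUTHENTICATION_FAILED:
                hits.append({"initiator_cookie": icookie.hex(),
                             "exchange_type": exch, "doi": doi, "protocol_id": proto})
        next_payload, offset = following, offset + plen
    return hits


def build_sample(notify_type, flags=0):
    """Constructed Informational exchange (type 5) carrying one Notification."""
    notify = NOTIFY_HDR.pack(0, 0, NOTIFY_HDR.size, 1, 1, 0, notify_type)
    header = ISAKMP_HDR.pack(b"\x11" * 8, b"\x22" * 8, PAYLOAD_NOTIFICATION,
                             0x10, 5, flags, 0, ISAKMP_HDR.size + len(notify))
    return header + notify


if __name__ == "__main__":
    for hit in find_auth_failed(build_sample(NOTIFY_AUTHENTICATION_FAILED)):
        print("AUTHENTICATION-FAILED notify:", hit)
```

Grouping the returned initiator cookies by the source address recorded with each capture shows whether failures come from one peer repeatedly or from many.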
--
DID:761511