| Check Point Reference: | CPSA-2005-06 |
| Date Published: | 5 Jun 2005 |
| Last Updated: | 5 Jun 2005 |
This protection enforces compliance of the IKE protocol with RFC 2409 in terms of payload type and length, maximum payload number, and packet length. By enabling "IKE payload enforcement", IPS performs additional checks on the IKE Security Association (SA) payload. Detect mode makes it possible to track IKE protocol violations without blocking the connection.
For the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on the Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: IKE Enforcement Violation
Attack Information:
- Invalid IKE Packet
- Invalid ISAKMP version
- Flags field does not match ISAKMP version
- Invalid ISAKMP header length value
- Payloads number exceeded
- Invalid DOI field in SA payload header
- Invalid SIT field in SA payload header
- Non-zero reserved field in SA payload header
- Key length and encryption algorithm do not match
- Number of proposals in SA does not match SA length
- Invalid length for an SA attribute
- SPI size exceeds proposal
- Number of transforms in proposal does not match proposal length
For users of VPN-1 NG with Application Intelligence R55, SmartView Tracker will log rule 99848.
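As an added example (not Check Point's code and not a description of how the IPS engine implements the checks), the following Python applies most of the enforcement checks listed above to a raw ISAKMP message and returns the matching Attack Information strings, so a defender can see which field each log message refers to. It assumes that only the IPsec DOI (1) and SIT_IDENTITY_ONLY (1) are accepted, that the payload cap is 16 (the page does not give Check Point's limit), and the sample packet at the bottom is constructed, not captured.

```python
import struct

def check_sa(sa):
    """Violations in one SA payload: header fields, then proposal and transform length accounting."""
    _nx, res, _plen, doi, sit = struct.unpack("!BBHII", sa[:12])
    v = [msg for ok, msg in ((not res, "Non-zero reserved field in SA payload header"),
                             (doi == 1, "Invalid DOI field in SA payload header"),  # assumes IPsec DOI (1) only
                             (sit == 1, "Invalid SIT field in SA payload header")) if not ok]  # assumes SIT_IDENTITY_ONLY (1)
    off = 12
    while off < len(sa):  # every proposal must fit exactly inside the SA payload
        plen, spi_sz, ntrans = struct.unpack("!HxxBB", sa[off + 2:off + 8]) if off + 8 <= len(sa) else (0, 0, 0)
        if plen < 8 or off + plen > len(sa):
            return v + ["Number of proposals in SA does not match SA length"]
        if 8 + spi_sz > plen:
            return v + ["SPI size exceeds proposal"]
        toff, end, count = off + 8 + spi_sz, off + plen, 0
        while toff < end:  # every transform must fit exactly inside its proposal
            tlen = struct.unpack("!H", sa[toff + 2:toff + 4])[0] if toff + 8 <= end else 0
            if tlen < 8 or toff + tlen > end:
                return v + ["Number of transforms in proposal does not match proposal length"]
            count, toff = count + 1, toff + tlen
        if count != ntrans:
            v.append("Number of transforms in proposal does not match proposal length")
        off += plen
    return v

def check_ike(pkt, max_payloads=16):
    """Violations in one ISAKMP message; an empty list means it passes enforcement."""
    if len(pkt) < 28:
        return ["Invalid IKE Packet"]
    nxt, ver, _exch, _flags, _mid, length = struct.unpack("!16xBBBBII", pkt[:28])
    v = [msg for ok, msg in ((ver >> 4 == 1, "Invalid ISAKMP version"),
                             (length == len(pkt), "Invalid ISAKMP header length value")) if not ok]
    off = 28
    for _ in range(max_payloads):  # follow the next-payload chain; max_payloads is an assumed cap
        if not nxt:
            return v
        plen = struct.unpack("!H", pkt[off + 2:off + 4])[0] if off + 4 <= len(pkt) else 0
        if plen < 4 or off + plen > len(pkt):
            return v + ["Invalid IKE Packet"]
        if nxt == 1:  # payload type 1 is the Security Association payload
            v += check_sa(pkt[off:off + plen]) if plen >= 12 else ["Invalid IKE Packet"]
        nxt, off = pkt[off], off + plen
    return v + (["Payloads number exceeded"] if nxt else [])

# Constructed sample, not a capture: one SA payload, one proposal, one transform with one attribute
TRANSFORM = struct.pack("!BBHBBHHH", 0, 0, 12, 1, 1, 0, 0x8001, 7)
PROPOSAL = struct.pack("!BBHBBBB", 0, 0, 8 + len(TRANSFORM), 1, 1, 0, 1) + TRANSFORM
SA_PAYLOAD = struct.pack("!BBHII", 0, 0, 12 + len(PROPOSAL), 1, 1) + PROPOSAL
SAMPLE = struct.pack("!8s8sBBBBII", b"\x11" * 8, bytes(8), 1, 0x10, 2, 0, 0, 28 + len(SA_PAYLOAD)) + SA_PAYLOAD
```

Flipping single bytes of SAMPLE (version nibble, SA length, DOI, SPI size, transform count) reproduces the individual log messages one at a time, which is a convenient way to confirm what a given SmartView Tracker entry is complaining about.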