VPN Remote Access OSPF-based VPN Security Vulnerabilities and Counter Measurements

Hanan Sawalmeh, Manar Malayshi, S. Ahmad, Ahmed Awad
Published in: 2021 International Conference on Innovation and Intelligence for Informatics, Computing, and Technologies (3ICT), 2021-09-29. DOI: https://doi.org/10.1109/3ICT53449.2021.9581512
Citations: 1

Abstract

During the COVID-19 pandemic, the number of clients using Virtual Private Networks (VPNs) has increased dramatically. Consequently, VPN vulnerabilities have become targets for attackers. Studies have been published on defending against such attacks in order to secure VPNs. Nevertheless, highly sophisticated attacks still target VPNs to compromise the critical data being communicated. VPN servers use protocols to secure connections with clients, yet these protocols remain a specific target of Denial-of-Service (DoS) attacks. This paper analyzes and addresses the vulnerability of the key negotiation process in both the main mode and the aggressive mode of the Internet Key Exchange (IKE) protocol in IP Security (IPsec) VPNs. We demonstrate experiments of a DoS attack based on Open Shortest Path First (OSPF) protocol adjacent route spoofing. Thereafter, we propose a method to counter those attacks by using Suricata as an Intrusion Detection System (IDS) to defend the VPN against DoS attacks.