query about IPSec protocol

Networking/Security Forums -> Exploits // System Weaknesses

Author: cranium2003    Posted: Wed May 04, 2005 6:29 pm    Post subject: query about IPSec protocol
Got two IPSec questions.
1) In the AH protocol, the mutable IPv4 fields that cannot be protected are
Type of Service (TOS)
Fragment offset
Header Checksum
So that means when the MAC hash is calculated those fields are removed. So I want to ask: does that mean the packet is cross-checked only at the end points of communication?
Because when a packet goes from router to router along the path, adjacent routers have the same hash at the sending router1 routine and the receiving routine, so why not include those fields? Or is it the case that routers only forward the packet by checking the IP header destination address?

2) Is IPSec really vulnerable to man-in-the-middle attacks? If it is possible, then when the packet reaches the application layer of the end system, the end system drops the packet in the HMAC calculation? Is that right?
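
Added example, not part of the original post: a Python sketch of the AH integrity check the question describes, in which the ICV survives the header changes a forwarding router makes but not changes to covered bytes. It zeroes the IPv4 fields RFC 4302 lists as mutable (TOS, flags and fragment offset, TTL, header checksum); HMAC-SHA1-96, the key, the IP ID, the SPI and all helper names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample key (assumption)

def checksum(data):
    """RFC 1071 ones'-complement sum over 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def set_checksum(hdr):  # recompute the IPv4 header checksum in place
    b = bytearray(hdr)
    b[10:12] = b"\x00\x00"
    b[10:12] = struct.pack("!H", checksum(bytes(b)))
    return bytes(b)

def ipv4_header(src, dst, body_len, tos=0, ttl=64):
    """20-byte IPv4 header, no options, protocol 51 (AH), constructed ID."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + body_len,
                      0x1234, 0, ttl, 51, 0, src, dst)
    return set_checksum(hdr)

def ah_body(spi, seq, payload, next_hdr=6):
    """AH header with its 12-byte ICV field zeroed, followed by the payload."""
    return struct.pack("!BBHII", next_hdr, 4, 0, spi, seq) + b"\x00" * 12 + payload

def zero_mutable(hdr):
    """Zero the mutable fields so they do not contribute to the ICV."""
    b = bytearray(hdr)
    b[1] = 0                # TOS
    b[6:8] = b"\x00\x00"    # flags + fragment offset
    b[8] = 0                # TTL
    b[10:12] = b"\x00\x00"  # header checksum
    return bytes(b)

def icv(hdr, body, key=KEY):
    """HMAC-SHA1-96 over the zeroed IP header, AH header and payload."""
    return hmac.new(key, zero_mutable(hdr) + body, hashlib.sha1).digest()[:12]

def router_forward(hdr, new_tos=None):
    """A forwarding hop: decrement TTL, optionally re-mark TOS, fix checksum."""
    b = bytearray(hdr)
    b[8] -= 1
    if new_tos is not None:
        b[1] = new_tos
    return set_checksum(bytes(b))
```

The routers in this sketch never call `icv`: only the two endpoints hold the key, so only they can compute or verify it.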


