A DoS-vulnerability analysis of L2TP-VPN

4 Author(s)
Kara, A. ; Dept. of Comput. Sci. & Eng., Aizu Univ., Fukushima, Japan ; Suzuki, T. ; Takahashi, K. ; Yoshikawa, M.

L2TP is an IETF standards-track VPN protocol defined by RFC 2661. Because L2TP does not always authenticate control and data messages, both the control and data packets of the L2TP protocol are vulnerable to attack. This paper identifies two types of attacks that disconnect L2TP tunnels and proposes countermeasures. The first method is to transmit a StopCCN with correct identification toward the LNS or LAC to terminate a control connection. A countermeasure to the StopCCN attack is to use a function added in L2TPv3, which incorporates an optional authentication and integrity check for all control messages. In view of the pre-standard status of L2TPv3, we propose an enhancement of L2TPv2. The second method is to transmit a PPP LCP terminate-request with correct identifiers toward the LNS or LAC. In order to prevent the PPP LCP terminate-request attack, we propose a new extensional AVP. Finally, a DoS-resistant L2TP architecture is proposed.
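A monitoring-side illustration of the StopCCN case described in the abstract, added here and not taken from the paper: it parses the L2TPv2 control header and Message Type AVP as laid out in RFC 2661 and flags a StopCCN whose source is not the peer recorded for that tunnel. The names `parse_control` and `audit`, the `peers` table and all sample addresses and payloads are assumptions constructed for the example.

```python
import struct

STOPCCN = 4  # Message Type value of StopCCN in RFC 2661

def parse_control(payload):
    """Return (tunnel_id, ns, message_type) for an L2TPv2 control message, else None."""
    if len(payload) < 12:
        return None
    flags, length, tunnel_id, _session, ns, _nr = struct.unpack_from("!6H", payload, 0)
    # Control messages set the T, L and S bits and carry version 2.
    if (flags & 0xC80F) != 0xC802 or not 12 <= length <= len(payload):
        return None
    if length < 20:
        return tunnel_id, ns, None  # ZLB acknowledgement: header only, no AVPs
    avp_head, vendor, attr, value = struct.unpack_from("!4H", payload, 12)
    # The first AVP must be Message Type: vendor 0, attribute 0, length 8, not hidden.
    if vendor or attr or (avp_head & 0x43FF) != 8:
        return tunnel_id, ns, None
    return tunnel_id, ns, value

def audit(packets, peers):
    """Flag StopCCN messages whose source is not the recorded peer of the tunnel.

    packets: iterable of (src_ip, dst_ip, udp_payload)
    peers:   {(dst_ip, tunnel_id): expected_src_ip}, built from observed tunnel setup
    """
    alerts = []
    for src, dst, payload in packets:
        parsed = parse_control(payload)
        if parsed is None or parsed[2] != STOPCCN:
            continue
        tunnel_id, ns, _ = parsed
        if peers.get((dst, tunnel_id)) != src:
            alerts.append((src, dst, tunnel_id, ns))
    return alerts

# Constructed sample payloads (cut off after the Message Type AVP), not captured traffic.
HELLO = bytes.fromhex("c802 0014 0007 0000 0002 0002 8008 0000 0000 0006")
STOP = bytes.fromhex("c802 0014 0007 0000 0003 0002 8008 0000 0000 0004")
DATA = bytes.fromhex("0002 0007 0001 ff03 0021 4500 0014")  # data message, T bit clear
PEERS = {("198.51.100.1", 7): "192.0.2.10"}
SAMPLE = [
    ("192.0.2.10", "198.51.100.1", HELLO),
    ("192.0.2.10", "198.51.100.1", DATA),
    ("203.0.113.5", "198.51.100.1", STOP),  # StopCCN from an address that is not the peer
    ("192.0.2.10", "198.51.100.1", STOP),   # StopCCN from the recorded peer
]

if __name__ == "__main__":
    for alert in audit(SAMPLE, PEERS):
        print("StopCCN from unexpected source:", alert)
```

The check relies on the UDP source address, which L2TPv2 does not authenticate, so it is a monitoring signal and not a substitute for the control-message authentication the abstract proposes.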

Published in:

Computer and Information Technology, 2004. CIT '04. The Fourth International Conference on

Date of Conference:

14-16 Sept. 2004