2

How IPSec prevents SYN flooding attacks

Like if A is sending packets to B using IPsec. Suppose B's TCP ack gets lost, and A's TCP retransmits the packet since it assumes the packet was lost. Will B's IPsec implementation notice that the packet is a duplicate and discard it?

aaaabel

1 Answer

2

IPSec does not prevent SYN flooding. IPSec is a VPN at the network layer (i.e. IP) and not the transport layer (TCP, UDP). It will transport any IP packets and not look deeper. But since SYN is a capability of TCP, and SYN flooding is thus an attack at the transport layer, a pure IPSec VPN will not detect SYN flooding.

Of course, you could augment an IPSec VPN with additional software or hardware to detect such attacks, the same way you could augment plain (non-VPN) IP networks. It will not be possible to detect such attacks within the encrypted IPSec traffic, though, but only in the decrypted traffic.

Steffen Ullrich
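The answer's point that SYN-flood detection has to run on the decrypted traffic, shown as an added example that is not part of the original answer: a half-open-handshake counter over IPv4/TCP packets as they would look after ESP decapsulation. The `build` helper, the threshold and every address are constructed for illustration, and only the client-to-server direction is assumed to be observed.

```python
import socket
import struct
from collections import defaultdict

SYN, ACK = 0x02, 0x10

def parse_ipv4_tcp(pkt):
    """Return (src, dst, sport, dport, tcp_flags), or None if not IPv4 carrying TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    # Protocol 6 is TCP. Protocol 50 (ESP) is still encrypted, so no TCP flags are visible.
    if ihl < 20 or pkt[9] != 6 or len(pkt) < ihl + 20:
        return None
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    sport, dport = struct.unpack_from("!HH", pkt, ihl)
    return src, dst, sport, dport, pkt[ihl + 13]

def half_open_by_target(packets, threshold):
    """Map (dst, dport) -> number of SYNs never followed by the client's ACK, if above threshold."""
    pending = defaultdict(set)
    for pkt in packets:
        parsed = parse_ipv4_tcp(pkt)
        if parsed is None:
            continue
        src, dst, sport, dport, flags = parsed
        if flags & SYN and not flags & ACK:      # first step of the handshake
            pending[(dst, dport)].add((src, sport))
        elif flags & ACK and not flags & SYN:    # third step: handshake completed
            pending[(dst, dport)].discard((src, sport))
    return {t: len(c) for t, c in pending.items() if len(c) > threshold}

def build(src, dst, sport, dport, flags, proto=6):
    """Constructed sample packet: 20-byte IPv4 header + 20-byte TCP header, checksums zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp

def sample_traffic():
    """Constructed capture: one completed handshake, 20 unanswered SYNs, one ESP packet."""
    pkts = [build("10.0.0.5", "10.0.1.10", 40000, 443, SYN),
            build("10.0.0.5", "10.0.1.10", 40000, 443, ACK)]
    pkts += [build(f"198.51.100.{i}", "10.0.1.10", 1024 + i, 443, SYN) for i in range(1, 21)]
    pkts.append(build("10.0.0.5", "10.0.1.10", 0, 0, 0, proto=50))  # ESP: skipped as opaque
    return pkts

if __name__ == "__main__":
    print(half_open_by_target(sample_traffic(), threshold=10))
```

The ESP-tagged packet in the sample is skipped by the parser, which is the answer's observation in code: before decryption there is no TCP header to inspect.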