23. IPSec cookies are also known as anti-clogging tokens.
a. What is the intended security purpose of IPSec cookies?
b. Why do IPSec cookies fail to fulfill their intended purpose?
c. Redesign the IPSec Phase 1 symmetric key signing main mode so that the IPSec cookies do serve their intended purpose.
Solution
a. An IPSec cookie, or anti-clogging token (ACT), is used to
protect computing resources from attack without spending a
large amount of CPU resources to determine its validity. An exchange
prior to CPU-intensive public key operations can thwart some denial
of service attempts (e.g. simple flooding with bogus IP source
addresses). Absolute protection against denial of service is
impossible, but this anti-clogging token provides a technique for
making it easier to handle. The use of an anti-clogging token was
introduced by Karn and Simpson.
b. IPSec cookies fail to fulfill their intended purpose because an attacker can still flood a server using packets with bogus IP addresses.
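The following is an added example, not part of the original solution and not IKE's wire format. It sketches the property described in (a): the responder derives its cookie from a local secret and the claimed source address, and commits no memory or expensive computation until that cookie is echoed back from the same address. The class and function names, the HMAC-SHA256 construction and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import os

COOKIE_LEN = 8  # ISAKMP cookies are 8 bytes


class Responder:
    """Responder that keeps no per-peer state until a cookie is echoed back."""

    def __init__(self):
        self._secret = os.urandom(32)   # local secret, never sent on the wire
        self.sessions = {}              # state exists only after the address check
        self.expensive_ops = 0          # stands in for public key / DH work

    def _cookie(self, ip, port, initiator_cookie):
        msg = f"{ip}|{port}|".encode() + initiator_cookie
        return hmac.new(self._secret, msg, hashlib.sha256).digest()[:COOKIE_LEN]

    def on_first_message(self, ip, port, initiator_cookie):
        # One keyed hash, nothing stored: the reply goes to the claimed address.
        return self._cookie(ip, port, initiator_cookie)

    def on_second_message(self, ip, port, initiator_cookie, responder_cookie):
        expected = self._cookie(ip, port, initiator_cookie)
        if not hmac.compare_digest(expected, responder_cookie):
            return False                # sender never saw our reply: drop cheaply
        self.expensive_ops += 1         # only now commit CPU and memory
        self.sessions[(ip, port, initiator_cookie)] = "phase1-in-progress"
        return True

    def rotate_secret(self):
        self._secret = os.urandom(32)   # invalidates all outstanding cookies


def simulate():
    r = Responder()
    # Constructed flood: 1000 first messages with bogus source addresses.
    for i in range(1000):
        r.on_first_message(f"198.51.100.{i % 256}", 500, os.urandom(COOKIE_LEN))
    after_flood = (len(r.sessions), r.expensive_ops)
    # A spoofer has to guess the cookie because the reply never reached it.
    guessed = r.on_second_message("198.51.100.7", 500, b"A" * 8, b"\x00" * 8)
    # Honest initiator at 192.0.2.10 receives the cookie and echoes it.
    ci = os.urandom(COOKIE_LEN)
    cr = r.on_first_message("192.0.2.10", 500, ci)
    honest = r.on_second_message("192.0.2.10", 500, ci, cr)
    # The same cookie presented from a different address is rejected.
    moved = r.on_second_message("203.0.113.5", 500, ci, cr)
    return after_flood, guessed, honest, moved, len(r.sessions)
```

After the constructed flood the session table is still empty and no expensive operation has run; state is created only for the initiator that proved it can receive traffic at its claimed address.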
