NISCC proposed solutions:
- Configure ESP to use both confidentiality and integrity protection. This is the recommended solution.
- Use the AH protocol alongside ESP to provide integrity protection. However, this must be done carefully: for example, the configuration where AH in transport mode is applied end-to-end and tunnelled inside ESP is still vulnerable.
- Remove the error reporting by restricting the generation of ICMP messages or by filtering these messages at a firewall or security gateway.
As of 11:30 CDT (16:30 GMT), Cisco has not released an advisory on this situation.
My commentary:
- The PIX has been maligned for refusing to route packets back out the interface they came in on [until PIX 7.0] -- but at least one of the three attacks is not possible against a PIX [unless it has multiple public interfaces].
- In Cisco terminology, integrity is turned on if you have configured your transform sets to include ah-md5-hmac, ah-sha-hmac, esp-md5-hmac, or esp-sha-hmac. If your transform sets list encryptions only (e.g., des, 3des, aes) without md5 or sha elements, then you are vulnerable to the problems.
- Reminder: PIX no longer supports DES + SHA (but does support DES + MD5, and supports SHA for 3DES and AES*).
- PIX 7.0 does not support AH -- I have no idea why not.
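To turn the transform-set rule above (and NISCC's first recommendation) into a quick audit, here is an added example, not part of the original post or any Cisco tool, that scans a captured running-config for transform sets that carry an ESP cipher but none of the ah-/esp-md5/sha-hmac integrity transforms. The sample config is constructed, and the set names in it are invented.

```python
import re
from typing import Dict, List

# Constructed sample of "show running-config" output; not from a real device.
SAMPLE_CONFIG = """\
crypto ipsec transform-set OLD-3DES esp-3des
 mode tunnel
crypto ipsec transform-set AES-ONLY esp-aes 256
crypto ipsec transform-set AES-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set AH-ONLY ah-sha-hmac
 mode transport
crypto ipsec transform-set DES-MD5 esp-des esp-md5-hmac
"""

# Integrity transforms named in the post (ah-/esp- md5/sha hmac). The \d* is an
# assumption that later sha2 variants keep the same naming pattern.
INTEGRITY_RE = re.compile(r"^(ah|esp)-(md5|sha\d*)-hmac$")
TS_RE = re.compile(r"^crypto ipsec transform-set (\S+)\s+(.*)$")


def parse_transform_sets(config: str) -> Dict[str, List[str]]:
    """Map transform-set name -> list of transform keywords on that line."""
    sets: Dict[str, List[str]] = {}
    for line in config.splitlines():
        m = TS_RE.match(line.strip())
        if m:
            name, rest = m.groups()
            # Drop bare key sizes such as the "256" in "esp-aes 256".
            sets[name] = [t for t in rest.split() if not t.isdigit()]
    return sets


def encryption_only_sets(config: str) -> List[str]:
    """Names of sets that use ESP for confidentiality with no integrity transform."""
    flagged: List[str] = []
    for name, transforms in parse_transform_sets(config).items():
        has_integrity = any(INTEGRITY_RE.match(t) for t in transforms)
        # Any esp-* keyword that is not an HMAC transform is an ESP cipher (esp-null included).
        has_esp_cipher = any(t.startswith("esp-") and not INTEGRITY_RE.match(t)
                             for t in transforms)
        if has_esp_cipher and not has_integrity:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    for name in encryption_only_sets(SAMPLE_CONFIG):
        print(f"{name}: ESP without integrity protection; add an esp-*-hmac transform")
```

Sets that are AH-only are not flagged, since they provide no confidentiality and so are not the case the advisory describes.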