Proceedings. The Fourth International Conference on Computer and Information Technology
Abstract

L2TP is an IETF standards-track VPN protocol defined by RFC 2661. Because L2TP does not always authenticate its control and data messages, both the control and data packets of the L2TP protocol are vulnerable to attack. This paper identifies two types of attack that disconnect L2TP tunnels and proposes countermeasures. The first method is to transmit a StopCCN with correct identifiers to terminate a control connection toward the LNS or LAC. A countermeasure to the StopCCN attack is to use a function added in L2TPv3: L2TPv3 incorporates an optional authentication and integrity check for all control messages. In view of the pre-standard status of L2TPv3, we propose an enhancement of L2TPv2. The second method is to transmit a PPP LCP Terminate-Request with correct identifiers toward the LNS or LAC. In order to prevent the PPP LCP Terminate-Request attack, we propose a new extension AVP. Finally, a DoS-resistant L2TP architecture is proposed.
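The following is an added example, not code from the paper, illustrating the countermeasure the abstract describes for the StopCCN attack: a receiver that accepts a control message only when it carries a valid keyed integrity check, so that a StopCCN with the correct tunnel ID and sequence numbers but no valid digest is dropped. The control-message framing and the Message Type AVP follow RFC 2661; the integrity AVP (vendor ID, attribute number, HMAC-SHA256 with the digest field zeroed) is an assumption standing in for the L2TPv3 Message Digest AVP and for the L2TPv2 enhancement the abstract mentions without detailing, and the shared secret and identifiers are constructed sample values.

```python
"""Added example: accept L2TPv2 control messages (RFC 2661 framing) only when
a keyed integrity AVP verifies.  The integrity AVP is an assumed, vendor-
specific construction, not the RFC 3931 Message Digest AVP algorithm."""
import hashlib
import hmac
import struct

# RFC 2661 control-message header bits: T=1, L=1, S=1, Ver=2
CTRL_FLAGS = 0x8000 | 0x4000 | 0x0800 | 0x0002
MSG_TYPE_STOPCCN = 4        # RFC 2661 Message Type value for StopCCN
ATTR_MESSAGE_TYPE = 0       # RFC 2661 attribute type of the Message Type AVP
ASSUMED_VENDOR_ID = 9999    # constructed placeholder vendor ID for the integrity AVP
ASSUMED_ATTR_HMAC = 1       # constructed attribute number inside that vendor space
HMAC_LEN = 32               # HMAC-SHA256 digest length


def _avp(attr_type, value, vendor_id=0, mandatory=True):
    """Encode one AVP: 2-byte flags/length, vendor ID, attribute type, value."""
    length = 6 + len(value)
    flags = (0x8000 if mandatory else 0) | length
    return struct.pack("!HHH", flags, vendor_id, attr_type) + value


def _parse_avps(body):
    """Walk the AVP list, returning (vendor, attr, value) tuples."""
    avps, off = [], 0
    while off < len(body):
        flags, vendor, attr = struct.unpack_from("!HHH", body, off)
        length = flags & 0x03FF
        if length < 6 or off + length > len(body):
            raise ValueError("malformed AVP")
        avps.append((vendor, attr, body[off + 6:off + length]))
        off += length
    return avps


def build_control_message(tunnel_id, session_id, ns, nr, msg_type, key=None):
    """Build a control message; with a key, append the integrity AVP last and
    fill it with HMAC-SHA256 over the whole message (digest field zeroed)."""
    avps = _avp(ATTR_MESSAGE_TYPE, struct.pack("!H", msg_type))
    if key is not None:
        avps += _avp(ASSUMED_ATTR_HMAC, b"\x00" * HMAC_LEN, ASSUMED_VENDOR_ID)
    length = 12 + len(avps)
    header = struct.pack("!HHHHHH", CTRL_FLAGS, length, tunnel_id, session_id, ns, nr)
    msg = header + avps
    if key is not None:
        digest = hmac.new(key, msg, hashlib.sha256).digest()
        msg = msg[:-HMAC_LEN] + digest
    return msg


def verify_control_message(raw, key):
    """Receiver-side policy: return ('accept', msg_type) or ('reject', reason).
    Messages without a valid integrity AVP are rejected, which is what defeats
    a StopCCN that merely guesses or observes the correct identifiers."""
    if len(raw) < 12:
        return ("reject", "short header")
    flags, length, _tid, _sid, _ns, _nr = struct.unpack_from("!HHHHHH", raw, 0)
    if not flags & 0x8000 or flags & 0x000F != 2:
        return ("reject", "not an L2TPv2 control message")
    if length != len(raw):
        return ("reject", "length mismatch")
    try:
        avps = _parse_avps(raw[12:])
    except ValueError as exc:
        return ("reject", str(exc))
    msg_type = digest = digest_off = None
    off = 12
    for vendor, attr, value in avps:
        if vendor == 0 and attr == ATTR_MESSAGE_TYPE and len(value) == 2:
            msg_type = struct.unpack("!H", value)[0]
        elif (vendor == ASSUMED_VENDOR_ID and attr == ASSUMED_ATTR_HMAC
              and len(value) == HMAC_LEN):
            digest, digest_off = value, off + 6
        off += 6 + len(value)
    if msg_type is None:
        return ("reject", "missing Message Type AVP")
    if digest is None:
        return ("reject", "missing integrity AVP")
    zeroed = raw[:digest_off] + b"\x00" * HMAC_LEN + raw[digest_off + HMAC_LEN:]
    expected = hmac.new(key, zeroed, hashlib.sha256).digest()
    if not hmac.compare_digest(digest, expected):
        return ("reject", "bad integrity check")
    return ("accept", msg_type)


if __name__ == "__main__":
    KEY = b"constructed-shared-secret"   # constructed sample secret
    good = build_control_message(7, 0, 3, 5, MSG_TYPE_STOPCCN, KEY)
    forged = build_control_message(7, 0, 3, 5, MSG_TYPE_STOPCCN)  # right IDs, no key
    print(verify_control_message(good, KEY))     # ('accept', 4)
    print(verify_control_message(forged, KEY))   # ('reject', 'missing integrity AVP')
```

The digest covers the header as well as the AVPs, so changing the tunnel ID, sequence numbers or message type after the fact fails the check; the policy deliberately rejects messages that omit the AVP rather than treating it as optional, since an optional check gives no protection against a sender who simply leaves it out.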