1153:
1761:
721:
1719:(SPI), an index to the security association database (SADB), along with the destination address in a packet header, which together uniquely identifies a security association for that packet. A similar procedure is performed for an incoming packet, where IPsec gathers decryption and verification keys from the security association database.
1727:
multiple security associations, allowing authentication, since a receiver can only know that someone knowing the keys sent the data. Note that the relevant standard does not describe how the association is chosen and duplicated across the group; it is assumed that a responsible party will have made the choice.
2107:
algorithm used in the key exchange. In their paper, they allege the NSA specially built a computing cluster to precompute multiplicative subgroups for specific primes and generators, such as for the second Oakley group defined in RFC 2409. As of May 2015, 90% of addressable IPsec VPNs supported the
1080:
in 4-octet units, minus 2. For example, an AH value of 4 equals 3Ă(32-bit fixed-length AH fields) + 3Ă(32-bit ICV fields) â 2 and thus an AH value of 4 means 24 octets. Although the size is measured in 4-octet units, the length of this header needs to be a multiple of 8 octets if carried in an IPv6
2091:
key leaking mechanisms" into the OpenBSD crypto code. In the forwarded email from 2010, Theo de Raadt did not at first express an official position on the validity of the claims, apart from the implicit endorsement from forwarding the email. Jason Wright's response to the allegations: "Every urban
2040:
IPsec protocols were originally defined in RFC 1825 through RFC 1829, which were published in 1995. In 1998, these documents were superseded by RFC 2401 and RFC 2412 with a few incompatible engineering details, although they were conceptually identical. In addition, a mutual authentication and key
1998:
negotiation is carried out from user space. The NRL-developed and openly specified "PF_KEY Key
Management API, Version 2" is often used to enable the application-space key management application to update the IPsec security associations stored within the kernel-space IPsec implementation. Existing
1726:
a security association is provided for the group, and is duplicated across all authorized receivers of the group. There may be more than one security association for a group, using different SPIs, thereby allowing multiple levels and sets of security within a group. Indeed, each sender can have
3407:
Adrian, David; Bhargavan, Karthikeyan; Durumeric, Zakir; Gaudry, Pierrick; Green, Matthew; Halderman, J. Alex; Heninger, Nadia; Springall, Drew; Thomé, Emmanuel; Valenta, Luke; Vandersloot, Benjamin; Wustrow, Eric; Zanella-Béguelin, Santiago; Zimmermann, Paul (2015).
1746:(IKE) peer. The method uses IPsec traffic patterns to minimize the number of messages required to confirm the availability of a peer. DPD is used to reclaim the lost resources in case a peer is found dead and it is also used to perform IKE peer failover.
2045:(IKE) was defined to create and manage security associations. In December 2005, new standards were defined in RFC 4301 and RFC 4309 which are largely a superset of the previous editions with a second version of the Internet Key Exchange standard
2096:(OCF)." Some days later, de Raadt commented that "I believe that NETSEC was probably contracted to write backdoors as alleged. ⊠If those were written, I don't believe they made it into our tree." This was published before the Snowden leaks.
1967:. This way operating systems can be retrofitted with IPsec. This method of implementation is also used for both hosts and gateways. However, when retrofitting IPsec the encapsulation of IP packets may cause problems for the automatic
1555:
The protected contents of the original IP packet, including any data used to protect the contents (e.g. an
Initialisation Vector for the cryptographic algorithm). The type of content that was protected is indicated by the
1239:
with a new packet header added, ESP protection is afforded to the whole inner IP packet (including the inner header) while the outer header (including any outer IPv4 options or IPv6 extension headers) remains unprotected.
2092:
legend is made more real by the inclusion of real names, dates, and times. Gregory Perry's email falls into this category. ⊠I will state clearly that I did not add backdoors to the OpenBSD operating system or the
2049:. These third-generation documents standardized the abbreviation of IPsec to uppercase âIPâ and lowercase âsecâ. âESPâ generally refers to RFC 4303, which is the most recent version of the specification.
1126:. When replay detection is enabled, sequence numbers are never reused, because a new security association must be renegotiated before an attempt to increment the sequence number beyond its maximum value.
783:
except for mutable fields (i.e. those that might be altered in transit), and also IP options such as the IP Security Option (RFC 1108). Mutable (and therefore unauthenticated) IPv4 header fields are
2108:
second Oakley group as part of IKE. If an organization were to precompute this group, they could derive the keys being exchanged and decrypt traffic without inserting any software backdoors.
1693:
688:
1828:
for network-to-network communications (e.g. between routers to link sites), host-to-network communications (e.g. remote user access) and host-to-host communications (e.g. private chat).
817:, the AH protects most of the IPv6 base header, AH itself, non-mutable extension headers after the AH, and the IP payload. Protection for the IPv6 header excludes the mutable fields:
1959:. This method of implementation is done for hosts and security gateways. Various IPsec capable IP stacks are available from companies, such as HP or IBM. An alternative is so called
2068:
had been actively working to "Insert vulnerabilities into commercial encryption systems, IT systems, networks, and endpoint communications devices used by targets" as part of the
2061:
1673:
is already in the possession of both hosts, and the hosts send each other hashes of the shared key to prove that they are in possession of the same key. IPsec also supports
4245:
2123:
as being tied to the
Equation Group and validated by those manufacturers as being real exploits, some of which were zero-day exploits at the time of their exposure. The
1708:. RFC 5386 defines Better-Than-Nothing Security (BTNS) as an unauthenticated mode of IPsec using an extended IKE protocol. C. Meadows, C. Cremers, and others have used
417:
540:
sponsored the development of security protocols for the
Internet under its Secure Data Network Systems (SDNS) program. This brought together various vendors including
1824:
In tunnel mode, the entire IP packet is encrypted and authenticated. It is then encapsulated into a new IP packet with a new IP header. Tunnel mode is used to create
2410:
3563:
545:
1638:
and keys. As such, IPsec provides a range of options once it has been determined whether AH or ESP is used. Before exchanging data, the two hosts agree on which
1665:
The algorithm for authentication is also agreed before the data transfer takes place and IPsec supports a range of methods. Authentication is possible through
2130:
Furthermore, IPsec VPNs using "Aggressive Mode" settings send a hash of the PSK in the clear. This can be and apparently is targeted by the NSA using offline
4181:
177:
691:(ISAKMP) provides a framework for authentication and key exchange, with actual authenticated keying material provided either by manual configuration with
2143:
1963:(BITS) implementation, where the operating system source code does not have to be modified. Here IPsec is installed between the IP stack and the network
3730:: Extended Sequence Number (ESN) Addendum to IPsec Domain of Interpretation (DOI) for Internet Security Association and Key Management Protocol (ISAKMP)
4133:: Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH) (obsoleted by RFC 7321)
4112:: Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH) (obsoleted by RFC 4835)
2824:
4197:
1701:
700:
3880:: Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)
2387:
The spelling "IPsec" is preferred and used throughout this and all related IPsec standards. All other capitalizations of IPsec are deprecated.
4238:
2255:
410:
137:
3454:
571:
standards-track specifications (RFC 1825 through RFC 1827) for IPsec. NRL's IPsec implementation was described in their paper in the 1996
267:
262:
232:
3508:
3326:
1180:
protocol, rather than being derived from the ISO Network-Layer
Security Protocol (NLSP). The SP3D protocol specification was published by
2017:
IPsec can be used to ensure the secure communication among applications running over constrained resource systems with a small overhead.
92:
3771:
818:
784:
733:
339:
282:
207:
1913:
4305:
4270:
3536:
3429:
3253:
3205:
3180:
3138:
3052:
3027:
2768:
349:
319:
2083:
received on 11 Dec 2010 from
Gregory Perry, it is alleged that Jason Wright and others, working for the FBI, inserted "a number of
4718:
4708:
4310:
4231:
4170:
1739:
messages at regular intervals, which can also be used to automatically reestablish a tunnel lost due to connection interruption.
822:
792:
403:
334:
127:
3660:
1907:
3234:
Hamad, Mohammad; Prevelakis, Vassilis (2015). "Implementation and performance evaluation of embedded IPsec in microkernel OS".
2987:
2846:
2728:
2687:
2649:
2611:
2560:
2513:
2472:
2434:
2199:
2093:
1209:
749:
583:
454:
52:
3820:: Using Authenticated Encryption Algorithms with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2) Protocol
4173:("Better-Than-Nothing Security" Working Group) (chartered to work on unauthenticated IPsec, IPsec APIs, connection latching)]
152:
142:
1757:
The IPsec protocols AH and ESP can be implemented in a host-to-host transport mode, as well as in a network tunneling mode.
2399:
3480:
272:
252:
202:
4723:
3756:
1883:
1643:
729:
613:
end-to-end security scheme. In contrast, while some other
Internet security systems in widespread use operate above the
563:, supporting both SPARC and x86 CPU architectures. DARPA made its implementation freely available via MIT. Under NRL's
192:
187:
182:
4713:
4290:
3985:: Using Advanced Encryption Standard Counter Mode (AES-CTR) with the Internet Key Exchange version 02 (IKEv2) Protocol
1782:
1595:
1064:
830:
586:(IETF) formed the IP Security Working Group in 1992 to standardize openly specified security extensions to IP, called
369:
329:
197:
3161:
William, S., & Stallings, W. (2006). Cryptography and
Network Security, 4/E. Pearson Education India. p. 492-493
2326:
4295:
2280:
2100:
2000:
1228:
660:
525:
497:
473:
4178:
1777:
or authenticated. The routing is intact, since the IP header is neither modified nor encrypted; however, when the
1677:, where each host has a public and a private key, they exchange their public keys and each host sends the other a
1220:-only configurations, but using encryption without authentication is strongly discouraged because it is insecure.
1987:
1972:
1573:
1161:
799:
556:
736:(SNMP) version 2. Authentication Header (AH) is a member of the IPsec protocol suite. AH ensures connectionless
4466:
4326:
4320:
2158:
2065:
1798:
1716:
1705:
1185:
704:
618:
222:
162:
3581:
4559:
4471:
4254:
1825:
1639:
462:
389:
379:
172:
87:
71:
3235:
4476:
4262:
1682:
685:, an anti-replay service (a form of partial sequence integrity), and limited traffic-flow confidentiality.
257:
107:
2832:
1063:
Type of the next header, indicating what upper-layer protocol was protected. The value is taken from the
2591:
2042:
1995:
1975:(MTU) size on the network path between two IP hosts is established. If a host or gateway has a separate
1873:
1866:
1778:
1743:
1697:
1686:
1674:
1224:
696:
469:
384:
157:
4211:
3681:: Using Advanced Encryption Standard (AES) Counter Mode With IPsec Encapsulating Security Payload (ESP)
3564:"key exchange - What are the problems of IKEv1 aggressive mode (compared to IKEv1 main mode or IKEv2)?"
1960:
732:
in the early 1990s and is derived in part from previous IETF standards' work for authentication of the
3345:
4533:
4440:
3094:
3001:
2801:
2742:
2701:
2663:
2625:
2574:
2527:
2486:
2448:
2379:
2213:
2148:
2116:
2084:
1999:
IPsec implementations usually include ESP, AH, and IKE version 2. Existing IPsec implementations on
1813:
1631:
1625:
1526:
1189:
1104:
807:
645:
167:
3813:: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
1658:. These parameters are agreed for the particular session, for which a lifetime must be agreed and a
1188:. Encapsulating Security Payload (ESP) is a member of the IPsec protocol suite. It provides origin
559:(NRL) was funded by DARPA CSTO to implement IPv6 and to research and implement IP encryption in 4.4
4486:
4481:
4432:
2069:
2052:
Since mid-2008, an IPsec
Maintenance and Extensions (ipsecme) working group is active at the IETF.
1887:
1678:
1607:
Variable length check value. It may contain padding to align the field to an 8-octet boundary for
1135:
Variable length check value. It may contain padding to align the field to an 8-octet boundary for
544:
who produced a network encryption device in 1988. The work was openly published from about 1988 by
3375:
3360:
1152:
3435:
3259:
3144:
3112:
2886:
2261:
2168:
1968:
1926:
1735:
To ensure that the connection between two endpoints has not been interrupted, endpoints exchange
1236:
1232:
477:
374:
102:
4159:
602:
suite was developed with few security provisions. As a part of the IPv4 enhancement, IPsec is a
4543:
4491:
4445:
3835:
3425:
3249:
3201:
3176:
3134:
3048:
3023:
2764:
2251:
2131:
1891:
1794:
630:
572:
493:
458:
302:
78:
4496:
3417:
3241:
3126:
3118:
3084:
2991:
2791:
2732:
2691:
2653:
2615:
2564:
2517:
2476:
2438:
2369:
2243:
2203:
1980:
1956:
1802:
1715:
In order to decide what protection is to be provided for an outgoing packet, IPsec uses the
796:
2236:
2012 Second
International Conference on Advanced Computing & Communication Technologies
1979:, which is common in the military and can also be found in commercial systems, a so-called
1797:
layers are always secured by a hash, so they cannot be modified in any way, for example by
552:(SP3) would eventually morph into the ISO standard Network Layer Security Protocol (NLSP).
4450:
4407:
4315:
4185:
4084:: Security Architecture for the Internet Protocol (IPsec overview) (obsoleted by RFC 4301)
2029:
and was originally required to be supported by all standards-compliant implementations of
2014:
1976:
1790:
1201:
1177:
788:
678:
622:
243:
3901:: ChaCha20, Poly1305, and Their Use in the Internet Key Exchange Protocol (IKE) and IPsec
3276:
RFC 6434, "IPv6 Node Requirements", E. Jankiewicz, J. Loughney, T. Narten (December 2011)
1246:
The following ESP packet diagram shows how an ESP packet is constructed and interpreted:
1103:
Arbitrary value which is used (together with the destination IP address) to identify the
1569:
Padding for encryption, to extend the payload data to a size that fits the encryption's
1122:
strictly increasing sequence number (incremented by 1 for every packet sent) to prevent
4703:
2363:
2112:
2104:
2004:
1937:
1709:
1666:
1542:
increasing sequence number (incremented by 1 for every packet sent) to protect against
1217:
1197:
1193:
836:
The following AH packet diagram shows how an AH packet is constructed and interpreted:
757:
745:
737:
692:
682:
656:
634:
610:
590:. The NRL developed standards were published by the IETF as RFC-1825 through RFC-1827.
501:
447:
443:
293:
4098:: The Internet IP Security Domain of Interpretation for ISAKMP (obsoleted by RFC 4306)
4697:
4392:
3414:
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security
2872:
2153:
2120:
2080:
2075:
The OpenBSD IPsec stack came later on and also was widely copied. In a letter which
1964:
1809:
1670:
1543:
1227:, ESP in transport mode does not provide integrity and authentication for the entire
1123:
753:
741:
668:
641:
614:
509:
17:
4205:
3702:: The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)
3263:
3148:
2890:
2850:
2265:
711:
with the bundle of algorithms and parameters necessary for AH and/or ESP operations.
536:
packet encryption; some of these were certified and fielded. From 1986 to 1991, the
4501:
4280:
4275:
3796:
3541:
3513:
3485:
3286:
2088:
1723:
1570:
1172:
SIPP Working Group drafted in December 1993 as a security extension for SIPP. This
803:
744:
and a secret shared key in the AH algorithm. AH also guarantees the data origin by
626:
212:
3439:
575:
Proceedings. NRL's open-source IPsec implementation was made available online by
3122:
3114:
Key Exchange in IPsec Revisited: Formal Analysis of IKEv1 and IKEv2, ESORICS 2011
2344:
1696:(ISAKMP). ISAKMP is implemented by manual configuration with pre-shared secrets,
1184:
in the late 1980s, but designed by the Secure Data Network System project of the
1156:
Usage of IPsec Encapsulating Security Payload (ESP) in Tunnel and Transport modes
772:, AH protects both against header insertion attacks and option insertion attacks.
480:
to use during the session. IPsec can protect data flows between a pair of hosts (
4652:
4511:
4422:
4367:
4137:
4130:
4123:
4116:
4109:
4102:
4095:
4088:
4081:
4070:
4063:
4056:
4049:
4035:
4021:
4014:
4003:
3996:
3989:
3982:
3975:
3968:
3961:
3954:
3947:
3940:
3933:
3926:
3912:
3898:
3891:
3884:
3877:
3870:
3863:
3856:
3849:
3842:
3831:
3824:
3817:
3810:
3803:
3792:
3785:
3778:
3767:
3752:
3745:
3734:
3727:
3720:
3713:
3706:
3699:
3692:
3685:
3678:
3667:
3656:
3649:
3642:
3635:
3628:
3621:
3614:
3607:
3245:
3097:
3078:
3004:
2981:
2804:
2785:
2745:
2722:
2704:
2681:
2666:
2643:
2628:
2605:
2577:
2554:
2530:
2507:
2489:
2466:
2451:
2428:
2382:
2216:
2193:
1659:
1525:
Arbitrary value used (together with the destination IP address) to identify the
780:
457:
of data to provide secure encrypted communication between two computers over an
2231:
1681:
encrypted with the other host's public key. Alternatively if both hosts hold a
1650:, and which hash function is used to ensure the integrity of the data, such as
1634:, where the communicating parties establish shared security attributes such as
752:. Optionally a sequence number can protect the IPsec packet's contents against
4682:
4667:
4662:
4642:
4616:
4580:
4554:
4397:
4387:
4091:: IP Encapsulating Security Payload (ESP) (obsoleted by RFC 4303 and RFC 4305)
3130:
2895:
1786:
1635:
1213:
1205:
505:
451:
360:
4223:
3971:: Problem and Applicability Statement for Better-Than-Nothing Security (BTNS)
3845:: Redirect Mechanism for the Internet Key Exchange Protocol Version 2 (IKEv2)
492:). IPsec uses cryptographic security services to protect communications over
4629:
4606:
4601:
4528:
4417:
4357:
4352:
4126:: IKEv2 Clarifications and Implementation Guidelines (obsoleted by RFC 7296)
3943:: A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers
3421:
2124:
2072:
program. There are allegations that IPsec was a targeted encryption system.
1862:
1774:
1736:
1539:
1119:
664:
606:
431:
4217:
3978:: Integration of Robust Header Compression over IPsec Security Associations
3737:: Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (
3237:
2015 World Symposium on Computer Networks and Information Security (WSCNIS)
4164:
4140:: Internet Key Exchange Protocol Version 2 (IKEv2) (obsoleted by RFC 7296)
3409:
2033:
before RFC 6434 made it only a recommendation. IPsec is also optional for
4677:
4624:
4402:
4377:
4372:
4330:
4150:
4052:: Security Architecture for the Internet Protocol (obsoleted by RFC 2401)
3894:: Signature Authentication in the Internet Key Exchange Version 2 (IKEv2)
3760:
3346:"Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN""
2247:
2163:
2127:
firewalls had vulnerabilities that were used for wiretapping by the NSA.
1647:
724:
Usage of IPsec Authentication Header format in Tunnel and Transport modes
541:
3887:: Internet Key Exchange Protocol Version 2 (IKEv2) Message Fragmentation
2284:
1760:
4672:
4657:
4596:
4382:
4347:
4024:: Secure Password Framework for Internet Key Exchange Version 2 (IKEv2)
4007:
3806:: The Internet IP Security PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX
3671:
2076:
1877:
603:
529:
2924:"Cryptography in theory and practice: The case of encryption in IPsec"
2308:
1712:
to identify various anomalies which exist in IKEv1 and also in IKEv2.
4572:
4300:
4154:
3852:: Internet Key Exchange Protocol Version 2 (IKEv2) Session Resumption
3306:
3089:
2996:
2796:
2737:
2696:
2658:
2620:
2569:
2522:
2481:
2443:
2374:
2208:
2119:
against several manufacturers' VPN equipment which were validated by
2037:
implementations. IPsec is most commonly used to secure IPv4 traffic.
1991:
1651:
533:
323:
217:
116:
96:
3950:: IPsec-Network Address Translation (NAT) Compatibility Requirements
3455:"Confirmed: hacking tool leak came from "omnipotent" NSA-tied group"
3198:
Carrier-Scale IP Networks: Designing and Operating Internet Networks
3173:
Carrier-Scale IP Networks: Designing and Operating Internet Networks
3045:
Carrier-Scale IP Networks: Designing and Operating Internet Networks
3020:
Carrier-Scale IP Networks: Designing and Operating Internet Networks
2761:
Carrier-Scale IP Networks: Designing and Operating Internet Networks
720:
3915:: Repeated Authentication in Internet Key Exchange (IKEv2) Protocol
3390:
2111:
A second alternative explanation that was put forward was that the
667:
and provides protection against IP header modification attacks and
4520:
3866:: IPsec Extensions to Support Robust Header Compression over IPsec
3859:: IKEv2 Extensions to Support Robust Header Compression over IPsec
3738:
2952:
2923:
2680:
Sakane, S.; Kamada, K.; Thomas, M.; Vilhuber, J. (November 1998).
2046:
2008:
1943:
1931:
1894:
providing confidentiality and authentication together efficiently.
1759:
1655:
1546:. There is a separate counter kept for every security association.
1165:
1151:
719:
579:
and became the basis for most initial commercial implementations.
564:
521:
122:
4191:
4066:: IP Encapsulating Security Payload (ESP) (obsoleted by RFC 2406)
3117:. Lecture Notes in Computer Science. Springer. pp. 315â334.
2953:"Attacking the IPsec Standards in Encryption-only Configurations"
1243:
ESP operates directly on top of IP, using IP protocol number 50.
1160:
The IP Encapsulating Security Payload (ESP) was developed at the
4647:
4412:
4119:: Internet Key Exchange (IKEv2) Protocol (obsoleted by RFC 5996)
3957:: Design of the IKEv2 Mobility and Multihoming (MOBIKE) Protocol
3827:: Better-Than-Nothing Security: An Unauthenticated Mode of IPsec
3509:"Equation Group exploit hits newer Cisco ASA, Juniper Netscreen"
3481:"Cisco confirms two of the Shadow Brokers' 'NSA' vulns are real"
2239:
2103:
suggests that the NSA compromised IPsec VPNs by undermining the
2034:
2030:
2026:
1856:
1852:
1848:
1773:
In transport mode, only the payload of the IP packet is usually
1612:
1608:
1181:
1169:
1140:
1136:
814:
776:
769:
765:
599:
568:
312:
307:
277:
227:
147:
112:
4227:
3788:: Online Certificate Status Protocol (OCSP) Extensions to IKEv2
2230:
Dhall, Hitesh; Dhall, Dolly; Batra, Sonia; Rani, Pooja (2012).
4362:
4074:
576:
560:
537:
496:(IP) networks. It supports network-level peer authentication,
132:
2960:
IEEE Symposium on Security and Privacy, IEEE Computer Society
2099:
An alternative explanation put forward by the authors of the
1844:
Cryptographic algorithms defined for use with IPsec include:
1692:
The security associations of IPsec are established using the
779:, the AH protects the IP payload and all header fields of an
728:
The Security Authentication Header (AH) was developed at the
3327:"Secret Documents Reveal N.S.A. Campaign Against Encryption"
2931:
Eurocrypt 2006, Lecture Notes in Computer Science Vol. 4004
3964:: Requirements for an IPsec Certificate Management Profile
2951:
Degabriele, Jean Paul; Paterson, Kenneth G. (2007-08-09).
1742:
Dead Peer Detection (DPD) is a method of detecting a dead
4214:
Data Communication Lectures by Manfred Lindner Part IPsec
3537:"Fortinet follows Cisco in confirming Shadow Broker vuln"
1694:
Internet Security Association and Key Management Protocol
1176:
was originally derived from the US Department of Defense
1168:-sponsored research project, and was openly published by
689:
Internet Security Association and Key Management Protocol
4167:("IP Security Maintenance and Extensions" Working Group)
4017:: Suite B Profile for Internet Protocol Security (IPsec)
3080:
Requirements for Kerberized Internet Negotiation of Keys
2902:
Proceedings of the Sixth Usenix Unix Security Symposium
4038:: Guidelines for Specifying the Use of IPsec Version 2
3638:: The NULL Encryption Algorithm and Its Use With IPsec
3224:, Dan McDonald, Bao Phan, & Craig Metz (July 1998)
2427:
Thayer, R.; Doraswamy, N.; Glenn, R. (November 1998).
2922:
Paterson, Kenneth G.; Yau, Arnold K.L. (2006-04-24).
1594:
Type of the next header. The value is taken from the
633:, IPsec can automatically secure applications at the
4615:
4589:
4571:
4542:
4519:
4510:
4459:
4431:
4340:
4261:
4105:: The Internet Key Exchange (obsoleted by RFC 4306)
3631:: The ESP DES-CBC Cipher Algorithm With Explicit IV
1955:The IPsec can be implemented in the IP stack of an
1173:
674:
644:as a part of the IPv4 suite and uses the following
58:
48:
40:
4059:: IP Authentication Header (obsoleted by RFC 2402)
3873:: Internet Key Exchange Protocol Version 2 (IKEv2)
3781:: IKEv2 Mobility and Multihoming Protocol (MOBIKE)
3709:: Security Architecture for the Internet Protocol
3652:: The Use of HMAC-RIPEMD-160-96 within ESP and AH
3391:"Update on the OpenBSD IPSEC backdoor allegation"
2724:A Method for Storing IPsec Keying Material in DNS
2368:. Network Working Group of the IETF. p. 4.
1781:is used, the IP addresses cannot be modified by
1094:Reserved for future use (all zeroes until then).
3763:with IPsec Encapsulating Security Payload (ESP)
2849:. IETF SIPP Working Group. 1993. Archived from
2365:Security Architecture for the Internet Protocol
2683:Kerberized Internet Negotiation of Keys (KINK)
1642:is used to encrypt the IP packet, for example
1081:packet. This restriction does not apply to an
4239:
2891:"Problem Areas for the IP Security Protocols"
1689:, this can be used for IPsec authentication.
681:, connectionless data integrity, data origin
488:), or between a security gateway and a host (
411:
8:
3624:: The Use of HMAC-SHA-1-96 within ESP and AH
1983:(BITW) implementation of IPsec is possible.
30:
3799:, HMAC-SHA-384, and HMAC-SHA-512 with IPsec
2716:
2714:
2362:Seo, Karen; Kent, Stephen (December 2005).
768:, AH prevents option-insertion attacks. In
567:-funded research effort, NRL developed the
4516:
4246:
4232:
4224:
4188:WindowsSecurity.com article by Deb Shinder
3617:: The Use of HMAC-MD5-96 within ESP and AH
2548:
2546:
2544:
2542:
2540:
2501:
2499:
2400:"NRL ITD Accomplishments - IPSec and IPv6"
2281:"Network Encryption â history and patents"
2144:Dynamic Multipoint Virtual Private Network
1859:for integrity protection and authenticity.
1816:documents describing the NAT-T mechanism.
1808:A means to encapsulate IPsec messages for
652:
468:IPsec includes protocols for establishing
418:
404:
67:
29:
3688:: Negotiation of NAT-Traversal in the IKE
3402:
3400:
3088:
2995:
2795:
2736:
2695:
2657:
2619:
2604:Harkins, D.; Carrel, D. (November 1998).
2568:
2521:
2480:
2442:
2373:
2327:"USENIX 1996 ANNUAL TECHNICAL CONFERENCE"
2309:"IPv6 + IPSEC + ISAKMP Distribution Page"
2207:
2187:
2185:
2183:
1235:, where the entire original IP packet is
829:AH operates directly on top of IP, using
708:
3695:: UDP Encapsulation of IPsec ESP Packets
2506:Kent, S.; Atkinson, R. (November 1998).
2192:Kent, S.; Atkinson, R. (November 1998).
2025:IPsec was developed in conjunction with
1749:UDP keepalive is an alternative to DPD.
1248:
838:
484:), between a pair of security gateways (
3936:: The OAKLEY Key Determination Protocol
3674:Cipher Algorithm and Its Use with IPsec
2983:IP Encapsulating Security Payload (ESP)
2819:
2817:
2195:IP Encapsulating Security Payload (ESP)
2179:
1702:Kerberized Internet Negotiation of Keys
701:Kerberized Internet Negotiation of Keys
532:packet encryption and subsequently for
359:
292:
242:
77:
70:
62:Various, see IETF documentation chapter
3663:groups for Internet Key Exchange (IKE)
1499:
1424:
1037:
760:technique and discarding old packets.
3535:Chirgwin, Richard (August 18, 2016).
3376:"Allegations regarding OpenBSD IPSEC"
3361:"Allegations regarding OpenBSD IPSEC"
2847:"SIPP Encapsulating Security Payload"
2787:Internet Security Glossary, Version 2
2303:
2301:
472:between agents at the beginning of a
7:
4218:Creating VPNs with IPsec and SSL/TLS
4212:Security Architecture for IP (IPsec)
3645:: The ESP CBC-Mode Cipher Algorithms
2011:, usually include PF_KEY version 2.
1831:Tunnel mode supports NAT traversal.
675:Encapsulating Security Payload (ESP)
4220:Linux Journal article by Rami Rosen
4179:Securing Data in Transit with IPsec
3723:: IP Encapsulating Security Payload
524:sponsored a series of experimental
3772:Galois Message Authentication Code
3659:: More Modular Exponential (MODP)
2232:"Implementation of IPSec Protocol"
734:Simple Network Management Protocol
25:
3992:: IPsec Cluster Problem Statement
3582:"Don't stop using IPsec just yet"
3507:Pauli, Darren (August 24, 2016).
3479:Thomson, Iain (August 17, 2016).
1986:When IPsec is implemented in the
1785:, as this always invalidates the
707:. The purpose is to generate the
522:Advanced Research Projects Agency
520:Starting in the early 1970s, the
4073:: IP Authentication using Keyed
3999:: IPsec and IKE Document Roadmap
3748:: Cryptographic Suites for IPsec
2721:Richardson, M. (February 2005).
2416:from the original on 2015-09-15.
2345:"IP Security Protocol (ipsec) -"
1704:(KINK), and the use of IPSECKEY
1585:Size of the padding (in octets).
4198:Microsoft IPsec Diagnostic Tool
3453:Goodin, Dan (August 16, 2016).
2962:. Oakland, CA. pp. 335â349
2607:The Internet Key Exchange (IKE)
2094:OpenBSD Cryptographic Framework
1898:Refer to RFC 8221 for details.
1840:Symmetric encryption algorithms
1400:Security Parameters Index (SPI)
1013:Security Parameters Index (SPI)
584:Internet Engineering Task Force
53:Internet Engineering Task Force
4010:Cryptographic Suites for IPsec
2468:Cryptographic Suites for IPsec
2407:US Naval Research Laboratories
2064:, it was revealed that the US
1640:symmetric encryption algorithm
1576:, and to align the next field.
1251:Encapsulating Security Payload
1164:starting in 1992 as part of a
1148:Encapsulating Security Payload
648:to perform various functions:
621:(TLS) that operates above the
1:
4206:An Illustrated Guide to IPsec
2904:. San Jose, CA. pp. 1â16
2465:Hoffman, P. (December 2005).
27:Secure network protocol suite
4200:on Microsoft Download Center
4160:All IETF active security WGs
3757:Advanced Encryption Standard
3123:10.1007/978-3-642-23822-2_18
2831:. 2010-05-27. Archived from
2594:(IKE), RFC 2409, §1 Abstract
2430:IP Security Document Roadmap
1812:{NAT-T} has been defined by
1611:, or a 4-octet boundary for
1139:, or a 4-octet boundary for
825:, Flow Label, and Hop Limit.
730:US Naval Research Laboratory
550:Security Protocol at Layer 3
3610:: The ESP DES-CBC Transform
3568:Cryptography Stack Exchange
3410:"Imperfect Forward Secrecy"
3246:10.1109/wscnis.2015.7368294
3222:PF_KEYv2 Key Management API
2001:Unix-like operating systems
1783:network address translation
1596:list of IP protocol numbers
1501:Integrity Check Value (ICV)
1200:through hash functions and
1065:list of IP protocol numbers
1039:Integrity Check Value (ICV)
629:(SSH) that operates at the
4740:
4255:Virtual private networking
4029:Best current practice RFCs
3774:(GMAC) in IPsec ESP and AH
3716:: IP Authentication Header
2980:Kent, S. (December 2005).
2873:"Draft SIPP Specification"
2871:Deering, Steve E. (1993).
2553:Kent, S. (December 2005).
1630:The IPsec protocols use a
1623:
1478:
1462:
1448:
1411:
1398:
1225:Authentication Header (AH)
1085:carried in an IPv4 packet.
1024:
1011:
998:
709:security associations (SA)
661:data origin authentication
653:Authentication Header (AH)
526:ARPANET encryption devices
498:data origin authentication
436:Internet Protocol Security
36:Internet Protocol Security
3834:: Modes of Operation for
2790:. Network Working Group.
2784:R. Shirey (August 2007).
1990:, the key management and
1973:maximum transmission unit
1921:Authentication algorithms
1520:Security Parameters Index
1486:
1481:
1467:
1459:
1445:
1277:
1274:
1271:
1268:
1162:Naval Research Laboratory
1098:Security Parameters Index
993:
988:
867:
864:
861:
858:
557:Naval Research Laboratory
35:
4467:Content-control software
3077:Thomas, M. (June 2001).
2933:. Berlin. pp. 12â29
2556:IP Authentication Header
2509:IP Authentication Header
2159:Opportunistic encryption
2066:National Security Agency
2056:Alleged NSA interference
1826:virtual private networks
1717:Security Parameter Index
1186:US Department of Defense
655:provides connectionless
619:Transport Layer Security
504:, data confidentiality (
463:virtual private networks
4719:Network layer protocols
4709:Cryptographic protocols
4560:Private Internet Access
4472:Deep content inspection
4341:Connection applications
4263:Communication protocols
3422:10.1145/2810103.2813707
3047:. IET. pp. 272â3.
1902:Key exchange algorithms
1529:of the receiving party.
1107:of the receiving party.
508:), and protection from
461:network. It is used in
72:Internet protocol suite
4477:Deep packet inspection
4043:Obsolete/historic RFCs
3240:. IEEE. pp. 1â7.
1765:
1683:public key certificate
1464:Padding (0-255 octets)
1157:
725:
528:, at first for native
442:) is a secure network
4194:on Microsoft TechNet
3196:Peter Willis (2001).
3171:Peter Willis (2001).
3043:Peter Willis (2001).
3018:Peter Willis (2001).
2759:Peter Willis (2001).
2592:Internet Key Exchange
2060:In 2013, as part of
2043:Internet Key Exchange
1779:authentication header
1763:
1744:Internet Key Exchange
1698:Internet Key Exchange
1687:certificate authority
1675:public key encryption
1602:Integrity Check Value
1155:
1132:(multiple of 32 bits)
1130:Integrity Check Value
1083:Authentication Header
1078:Authentication Header
841:Authentication Header
831:IP protocol number 51
723:
716:Authentication Header
697:Internet Key Exchange
594:Security architecture
470:mutual authentication
18:Authentication Header
4441:Avast SecureLine VPN
3588:. December 29, 2014.
3200:. IET. p. 267.
3175:. IET. p. 266.
3067:RFC 2406, §1, page 2
3022:. IET. p. 271.
2763:. IET. p. 270.
2349:datatracker.ietf.org
2248:10.1109/ACCT.2012.64
2242:. pp. 176â181.
2149:Information security
1880:for confidentiality.
1632:security association
1626:Security association
1620:Security association
1527:security association
1212:. ESP also supports
1105:security association
703:(KINK), or IPSECKEY
4724:Tunneling protocols
4487:Network enumeration
4482:IP address blocking
4433:Enterprise software
3111:C. Cremers (2011).
2887:Bellovin, Steven M.
2875:. IETF. p. 21.
2642:Kaufman, C. (ed.).
1869:for confidentiality
1254:
1076:The length of this
844:
476:and negotiation of
32:
4714:Internet protocols
4184:2008-10-13 at the
3929:: PF_KEY Interface
3920:Informational RFCs
3838:for Use with IPsec
3131:20.500.11850/69608
2825:"Protocol Numbers"
2169:Tunneling protocol
2132:dictionary attacks
2041:exchange protocol
1969:path MTU discovery
1766:
1753:Modes of operation
1249:
1208:protection for IP
1158:
839:
726:
486:network-to-network
478:cryptographic keys
4691:
4690:
4638:
4637:
4544:Kape Technologies
4492:Stateful firewall
4446:Check Point VPN-1
4151:Computer Security
3906:Experimental RFCs
3416:. pp. 5â17.
3287:"ipsecme charter"
2257:978-1-4673-0471-9
2125:Cisco PIX and ASA
2117:zero-day exploits
1961:bump-in-the-stack
1892:ChaCha20-Poly1305
1700:(IKE and IKEv2),
1516:
1515:
1054:
1053:
699:(IKE and IKEv2),
631:application layer
573:USENIX Conference
494:Internet Protocol
459:Internet Protocol
428:
427:
79:Application layer
66:
65:
16:(Redirected from
4731:
4517:
4497:TCP reset attack
4248:
4241:
4234:
4225:
3590:
3589:
3578:
3572:
3571:
3560:
3554:
3553:
3551:
3549:
3532:
3526:
3525:
3523:
3521:
3504:
3498:
3497:
3495:
3493:
3476:
3470:
3469:
3467:
3465:
3450:
3444:
3443:
3404:
3395:
3394:
3386:
3380:
3379:
3371:
3365:
3364:
3356:
3350:
3349:
3341:
3335:
3334:
3323:
3317:
3316:
3314:
3313:
3307:"ipsecme status"
3303:
3297:
3296:
3294:
3293:
3283:
3277:
3274:
3268:
3267:
3231:
3225:
3218:
3212:
3211:
3193:
3187:
3186:
3168:
3162:
3159:
3153:
3152:
3108:
3102:
3101:
3092:
3090:10.17487/RFC3129
3074:
3068:
3065:
3059:
3058:
3040:
3034:
3033:
3015:
3009:
3008:
2999:
2997:10.17487/RFC4303
2977:
2971:
2970:
2968:
2967:
2957:
2948:
2942:
2941:
2939:
2938:
2928:
2919:
2913:
2912:
2910:
2909:
2899:
2883:
2877:
2876:
2868:
2862:
2861:
2859:
2858:
2843:
2837:
2836:
2821:
2812:
2808:
2799:
2797:10.17487/RFC4949
2781:
2775:
2774:
2756:
2750:
2749:
2740:
2738:10.17487/RFC4025
2718:
2709:
2708:
2699:
2697:10.17487/RFC4430
2677:
2671:
2670:
2661:
2659:10.17487/RFC4306
2639:
2633:
2632:
2623:
2621:10.17487/RFC2409
2601:
2595:
2588:
2582:
2581:
2572:
2570:10.17487/RFC4302
2550:
2535:
2534:
2525:
2523:10.17487/RFC2402
2503:
2494:
2493:
2484:
2482:10.17487/RFC4308
2462:
2456:
2455:
2446:
2444:10.17487/RFC2411
2424:
2418:
2417:
2415:
2404:
2396:
2390:
2389:
2377:
2375:10.17487/RFC4301
2359:
2353:
2352:
2341:
2335:
2334:
2323:
2317:
2316:
2305:
2296:
2295:
2293:
2292:
2283:. Archived from
2276:
2270:
2269:
2227:
2221:
2220:
2211:
2209:10.17487/RFC2406
2189:
2021:Standards status
1981:bump-in-the-wire
1957:operating system
1255:
1114:
845:
555:In 1992, the US
420:
413:
406:
68:
33:
21:
4739:
4738:
4734:
4733:
4732:
4730:
4729:
4728:
4694:
4693:
4692:
4687:
4634:
4611:
4585:
4567:
4538:
4506:
4455:
4451:LogMeIn Hamachi
4427:
4336:
4316:Split tunneling
4257:
4252:
4208:by Steve Friedl
4186:Wayback Machine
4165:IETF ipsecme WG
4147:
4045:
4031:
3922:
3908:
3603:
3601:Standards track
3598:
3596:Further reading
3593:
3580:
3579:
3575:
3562:
3561:
3557:
3547:
3545:
3534:
3533:
3529:
3519:
3517:
3506:
3505:
3501:
3491:
3489:
3478:
3477:
3473:
3463:
3461:
3452:
3451:
3447:
3432:
3406:
3405:
3398:
3389:Theo de Raadt.
3388:
3387:
3383:
3373:
3372:
3368:
3359:Theo de Raadt.
3358:
3357:
3353:
3343:
3342:
3338:
3325:
3324:
3320:
3311:
3309:
3305:
3304:
3300:
3291:
3289:
3285:
3284:
3280:
3275:
3271:
3256:
3233:
3232:
3228:
3219:
3215:
3208:
3195:
3194:
3190:
3183:
3170:
3169:
3165:
3160:
3156:
3141:
3110:
3109:
3105:
3076:
3075:
3071:
3066:
3062:
3055:
3042:
3041:
3037:
3030:
3017:
3016:
3012:
2979:
2978:
2974:
2965:
2963:
2955:
2950:
2949:
2945:
2936:
2934:
2926:
2921:
2920:
2916:
2907:
2905:
2893:
2885:
2884:
2880:
2870:
2869:
2865:
2856:
2854:
2845:
2844:
2840:
2823:
2822:
2815:
2783:
2782:
2778:
2771:
2758:
2757:
2753:
2720:
2719:
2712:
2679:
2678:
2674:
2641:
2640:
2636:
2603:
2602:
2598:
2589:
2585:
2552:
2551:
2538:
2505:
2504:
2497:
2464:
2463:
2459:
2426:
2425:
2421:
2413:
2402:
2398:
2397:
2393:
2361:
2360:
2356:
2343:
2342:
2338:
2325:
2324:
2320:
2307:
2306:
2299:
2290:
2288:
2279:Gilmore, John.
2278:
2277:
2273:
2258:
2229:
2228:
2224:
2191:
2190:
2181:
2177:
2140:
2079:lead developer
2058:
2023:
2003:, for example,
1977:cryptoprocessor
1953:
1951:Implementations
1923:
1904:
1842:
1837:
1822:
1771:
1755:
1733:
1628:
1622:
1533:Sequence Number
1503:
1413:Sequence Number
1292:
1286:
1266:
1202:confidentiality
1192:through source
1150:
1112:Sequence Number
1110:
1041:
1026:Sequence Number
882:
876:
856:
808:Header Checksum
718:
693:pre-shared keys
679:confidentiality
623:transport layer
596:
548:and, of these,
518:
490:network-to-host
424:
244:Transport layer
28:
23:
22:
15:
12:
11:
5:
4737:
4735:
4727:
4726:
4721:
4716:
4711:
4706:
4696:
4695:
4689:
4688:
4686:
4685:
4680:
4675:
4670:
4665:
4660:
4655:
4650:
4645:
4639:
4636:
4635:
4633:
4632:
4627:
4621:
4619:
4613:
4612:
4610:
4609:
4604:
4599:
4593:
4591:
4587:
4586:
4584:
4583:
4577:
4575:
4569:
4568:
4566:
4565:
4562:
4557:
4552:
4548:
4546:
4540:
4539:
4537:
4536:
4531:
4525:
4523:
4514:
4508:
4507:
4505:
4504:
4499:
4494:
4489:
4484:
4479:
4474:
4469:
4463:
4461:
4457:
4456:
4454:
4453:
4448:
4443:
4437:
4435:
4429:
4428:
4426:
4425:
4420:
4415:
4410:
4405:
4400:
4395:
4390:
4385:
4380:
4375:
4370:
4365:
4360:
4355:
4350:
4344:
4342:
4338:
4337:
4335:
4334:
4323:
4318:
4313:
4308:
4303:
4298:
4293:
4288:
4283:
4278:
4273:
4267:
4265:
4259:
4258:
4253:
4251:
4250:
4243:
4236:
4228:
4222:
4221:
4215:
4209:
4203:
4202:
4201:
4189:
4176:
4175:
4174:
4168:
4157:
4146:
4145:External links
4143:
4142:
4141:
4134:
4127:
4120:
4113:
4106:
4099:
4092:
4085:
4078:
4067:
4060:
4053:
4044:
4041:
4040:
4039:
4030:
4027:
4026:
4025:
4018:
4011:
4000:
3993:
3986:
3979:
3972:
3965:
3958:
3951:
3944:
3937:
3930:
3921:
3918:
3917:
3916:
3907:
3904:
3903:
3902:
3895:
3888:
3881:
3874:
3867:
3860:
3853:
3846:
3839:
3828:
3821:
3814:
3807:
3800:
3789:
3782:
3775:
3764:
3749:
3742:
3731:
3724:
3717:
3710:
3703:
3696:
3689:
3682:
3675:
3664:
3661:Diffie-Hellman
3653:
3646:
3639:
3632:
3625:
3618:
3611:
3602:
3599:
3597:
3594:
3592:
3591:
3573:
3555:
3527:
3499:
3471:
3445:
3430:
3396:
3381:
3374:Jason Wright.
3366:
3351:
3344:John Gilmore.
3336:
3331:New York Times
3318:
3298:
3278:
3269:
3254:
3226:
3213:
3206:
3188:
3181:
3163:
3154:
3139:
3103:
3069:
3060:
3053:
3035:
3028:
3010:
2972:
2943:
2914:
2878:
2863:
2838:
2835:on 2010-05-29.
2813:
2810:Informational.
2776:
2769:
2751:
2710:
2672:
2634:
2596:
2583:
2536:
2495:
2457:
2419:
2391:
2354:
2336:
2331:www.usenix.org
2318:
2297:
2271:
2256:
2222:
2178:
2176:
2173:
2172:
2171:
2166:
2161:
2156:
2151:
2146:
2139:
2136:
2113:Equation Group
2105:Diffie-Hellman
2057:
2054:
2022:
2019:
1952:
1949:
1948:
1947:
1941:
1935:
1929:
1922:
1919:
1918:
1917:
1911:
1908:DiffieâHellman
1903:
1900:
1896:
1895:
1881:
1870:
1860:
1841:
1838:
1836:
1833:
1821:
1818:
1770:
1769:Transport mode
1767:
1754:
1751:
1732:
1729:
1710:formal methods
1667:pre-shared key
1624:Main article:
1621:
1618:
1617:
1616:
1605:
1599:
1592:
1586:
1583:
1577:
1567:
1566:(0-255 octets)
1561:
1553:
1547:
1544:replay attacks
1536:
1530:
1523:
1514:
1513:
1510:
1506:
1505:
1498:
1495:
1491:
1490:
1485:
1480:
1477:
1474:
1470:
1469:
1466:
1461:
1458:
1455:
1451:
1450:
1447:
1444:
1441:
1437:
1436:
1433:
1429:
1428:
1423:
1420:
1416:
1415:
1410:
1407:
1403:
1402:
1397:
1394:
1390:
1389:
1386:
1383:
1380:
1377:
1374:
1371:
1368:
1365:
1362:
1359:
1356:
1353:
1350:
1347:
1344:
1341:
1338:
1335:
1332:
1329:
1326:
1323:
1320:
1317:
1314:
1311:
1308:
1305:
1302:
1299:
1296:
1293:
1290:
1287:
1284:
1280:
1279:
1276:
1273:
1270:
1267:
1264:
1261:
1231:. However, in
1218:authentication
1198:data integrity
1194:authentication
1149:
1146:
1145:
1144:
1133:
1127:
1124:replay attacks
1116:
1108:
1101:
1095:
1092:
1086:
1074:
1068:
1061:
1052:
1051:
1048:
1044:
1043:
1036:
1033:
1029:
1028:
1023:
1020:
1016:
1015:
1010:
1007:
1003:
1002:
997:
992:
987:
984:
980:
979:
976:
973:
970:
967:
964:
961:
958:
955:
952:
949:
946:
943:
940:
937:
934:
931:
928:
925:
922:
919:
916:
913:
910:
907:
904:
901:
898:
895:
892:
889:
886:
883:
880:
877:
874:
870:
869:
866:
863:
860:
857:
854:
851:
827:
826:
811:
773:
758:sliding window
754:replay attacks
746:authenticating
717:
714:
713:
712:
686:
683:authentication
672:
669:replay attacks
657:data integrity
635:internet layer
611:internet layer
595:
592:
517:
514:
510:replay attacks
502:data integrity
444:protocol suite
426:
425:
423:
422:
415:
408:
400:
397:
396:
395:
394:
387:
382:
377:
372:
364:
363:
357:
356:
355:
354:
347:
342:
337:
332:
327:
317:
316:
315:
310:
297:
296:
294:Internet layer
290:
289:
288:
287:
280:
275:
270:
265:
260:
255:
247:
246:
240:
239:
238:
237:
230:
225:
220:
215:
210:
205:
200:
195:
190:
185:
180:
175:
170:
165:
160:
155:
150:
145:
140:
135:
130:
125:
120:
110:
105:
100:
90:
82:
81:
75:
74:
64:
63:
60:
59:Base standards
56:
55:
50:
46:
45:
42:
38:
37:
26:
24:
14:
13:
10:
9:
6:
4:
3:
2:
4736:
4725:
4722:
4720:
4717:
4715:
4712:
4710:
4707:
4705:
4702:
4701:
4699:
4684:
4681:
4679:
4676:
4674:
4671:
4669:
4666:
4664:
4661:
4659:
4656:
4654:
4651:
4649:
4646:
4644:
4641:
4640:
4631:
4628:
4626:
4623:
4622:
4620:
4618:
4614:
4608:
4605:
4603:
4600:
4598:
4595:
4594:
4592:
4588:
4582:
4579:
4578:
4576:
4574:
4570:
4563:
4561:
4558:
4556:
4553:
4550:
4549:
4547:
4545:
4541:
4535:
4532:
4530:
4527:
4526:
4524:
4522:
4518:
4515:
4513:
4509:
4503:
4500:
4498:
4495:
4493:
4490:
4488:
4485:
4483:
4480:
4478:
4475:
4473:
4470:
4468:
4465:
4464:
4462:
4458:
4452:
4449:
4447:
4444:
4442:
4439:
4438:
4436:
4434:
4430:
4424:
4421:
4419:
4416:
4414:
4411:
4409:
4406:
4404:
4401:
4399:
4396:
4394:
4393:SoftEther VPN
4391:
4389:
4386:
4384:
4381:
4379:
4376:
4374:
4371:
4369:
4366:
4364:
4361:
4359:
4356:
4354:
4351:
4349:
4346:
4345:
4343:
4339:
4332:
4328:
4327:Opportunistic
4324:
4322:
4319:
4317:
4314:
4312:
4309:
4307:
4304:
4302:
4299:
4297:
4294:
4292:
4289:
4287:
4284:
4282:
4279:
4277:
4274:
4272:
4269:
4268:
4266:
4264:
4260:
4256:
4249:
4244:
4242:
4237:
4235:
4230:
4229:
4226:
4219:
4216:
4213:
4210:
4207:
4204:
4199:
4196:
4195:
4193:
4190:
4187:
4183:
4180:
4177:
4172:
4169:
4166:
4163:
4162:
4161:
4158:
4156:
4152:
4149:
4148:
4144:
4139:
4135:
4132:
4128:
4125:
4121:
4118:
4114:
4111:
4107:
4104:
4100:
4097:
4093:
4090:
4086:
4083:
4079:
4076:
4072:
4068:
4065:
4061:
4058:
4054:
4051:
4047:
4046:
4042:
4037:
4033:
4032:
4028:
4023:
4019:
4016:
4012:
4009:
4005:
4001:
3998:
3994:
3991:
3987:
3984:
3980:
3977:
3973:
3970:
3966:
3963:
3959:
3956:
3952:
3949:
3945:
3942:
3938:
3935:
3931:
3928:
3924:
3923:
3919:
3914:
3910:
3909:
3905:
3900:
3896:
3893:
3889:
3886:
3882:
3879:
3875:
3872:
3868:
3865:
3861:
3858:
3854:
3851:
3847:
3844:
3840:
3837:
3833:
3829:
3826:
3822:
3819:
3815:
3812:
3808:
3805:
3801:
3798:
3794:
3790:
3787:
3783:
3780:
3776:
3773:
3770:: The Use of
3769:
3765:
3762:
3758:
3754:
3750:
3747:
3743:
3740:
3736:
3732:
3729:
3725:
3722:
3718:
3715:
3711:
3708:
3704:
3701:
3697:
3694:
3690:
3687:
3683:
3680:
3676:
3673:
3669:
3665:
3662:
3658:
3654:
3651:
3647:
3644:
3640:
3637:
3633:
3630:
3626:
3623:
3619:
3616:
3612:
3609:
3605:
3604:
3600:
3595:
3587:
3583:
3577:
3574:
3569:
3565:
3559:
3556:
3548:September 16,
3544:
3543:
3538:
3531:
3528:
3520:September 16,
3516:
3515:
3510:
3503:
3500:
3492:September 16,
3488:
3487:
3482:
3475:
3472:
3460:
3456:
3449:
3446:
3441:
3437:
3433:
3431:9781450338325
3427:
3423:
3419:
3415:
3411:
3403:
3401:
3397:
3392:
3385:
3382:
3377:
3370:
3367:
3362:
3355:
3352:
3347:
3340:
3337:
3332:
3328:
3322:
3319:
3308:
3302:
3299:
3288:
3282:
3279:
3273:
3270:
3265:
3261:
3257:
3255:9781479999064
3251:
3247:
3243:
3239:
3238:
3230:
3227:
3223:
3217:
3214:
3209:
3207:9780852969823
3203:
3199:
3192:
3189:
3184:
3182:9780852969823
3178:
3174:
3167:
3164:
3158:
3155:
3150:
3146:
3142:
3140:9783642238222
3136:
3132:
3128:
3124:
3120:
3116:
3115:
3107:
3104:
3099:
3096:
3091:
3086:
3082:
3081:
3073:
3070:
3064:
3061:
3056:
3054:9780852969823
3050:
3046:
3039:
3036:
3031:
3029:9780852969823
3025:
3021:
3014:
3011:
3006:
3003:
2998:
2993:
2989:
2985:
2984:
2976:
2973:
2961:
2954:
2947:
2944:
2932:
2925:
2918:
2915:
2903:
2897:
2892:
2888:
2882:
2879:
2874:
2867:
2864:
2853:on 2016-09-09
2852:
2848:
2842:
2839:
2834:
2830:
2826:
2820:
2818:
2814:
2811:
2806:
2803:
2798:
2793:
2789:
2788:
2780:
2777:
2772:
2770:9780852969823
2766:
2762:
2755:
2752:
2747:
2744:
2739:
2734:
2730:
2726:
2725:
2717:
2715:
2711:
2706:
2703:
2698:
2693:
2689:
2685:
2684:
2676:
2673:
2668:
2665:
2660:
2655:
2651:
2647:
2646:
2645:IKE Version 2
2638:
2635:
2630:
2627:
2622:
2617:
2613:
2609:
2608:
2600:
2597:
2593:
2587:
2584:
2579:
2576:
2571:
2566:
2562:
2558:
2557:
2549:
2547:
2545:
2543:
2541:
2537:
2532:
2529:
2524:
2519:
2515:
2511:
2510:
2502:
2500:
2496:
2491:
2488:
2483:
2478:
2474:
2470:
2469:
2461:
2458:
2453:
2450:
2445:
2440:
2436:
2432:
2431:
2423:
2420:
2412:
2408:
2401:
2395:
2392:
2388:
2384:
2381:
2376:
2371:
2367:
2366:
2358:
2355:
2350:
2346:
2340:
2337:
2332:
2328:
2322:
2319:
2314:
2310:
2304:
2302:
2298:
2287:on 2014-09-03
2286:
2282:
2275:
2272:
2267:
2263:
2259:
2253:
2249:
2245:
2241:
2237:
2233:
2226:
2223:
2218:
2215:
2210:
2205:
2201:
2197:
2196:
2188:
2186:
2184:
2180:
2174:
2170:
2167:
2165:
2162:
2160:
2157:
2155:
2154:NAT traversal
2152:
2150:
2147:
2145:
2142:
2141:
2137:
2135:
2133:
2128:
2126:
2122:
2121:Kaspersky Lab
2118:
2114:
2109:
2106:
2102:
2101:Logjam attack
2097:
2095:
2090:
2086:
2082:
2081:Theo de Raadt
2078:
2073:
2071:
2067:
2063:
2062:Snowden leaks
2055:
2053:
2050:
2048:
2044:
2038:
2036:
2032:
2028:
2020:
2018:
2016:
2012:
2010:
2006:
2002:
1997:
1993:
1989:
1984:
1982:
1978:
1974:
1970:
1966:
1962:
1958:
1950:
1945:
1942:
1939:
1936:
1933:
1930:
1928:
1925:
1924:
1920:
1915:
1912:
1909:
1906:
1905:
1901:
1899:
1893:
1889:
1885:
1882:
1879:
1875:
1871:
1868:
1864:
1861:
1858:
1854:
1850:
1847:
1846:
1845:
1839:
1834:
1832:
1829:
1827:
1819:
1817:
1815:
1811:
1810:NAT traversal
1806:
1804:
1800:
1796:
1792:
1788:
1784:
1780:
1776:
1768:
1762:
1758:
1752:
1750:
1747:
1745:
1740:
1738:
1730:
1728:
1725:
1720:
1718:
1713:
1711:
1707:
1703:
1699:
1695:
1690:
1688:
1684:
1680:
1676:
1672:
1671:symmetric key
1668:
1663:
1661:
1657:
1653:
1649:
1645:
1641:
1637:
1633:
1627:
1619:
1614:
1610:
1606:
1603:
1600:
1597:
1593:
1590:
1587:
1584:
1581:
1578:
1575:
1572:
1568:
1565:
1562:
1559:
1554:
1551:
1548:
1545:
1541:
1540:monotonically
1537:
1534:
1531:
1528:
1524:
1521:
1518:
1517:
1511:
1508:
1507:
1502:
1496:
1493:
1492:
1489:
1484:
1475:
1472:
1471:
1465:
1456:
1453:
1452:
1442:
1439:
1438:
1434:
1431:
1430:
1427:
1421:
1418:
1417:
1414:
1408:
1405:
1404:
1401:
1395:
1392:
1391:
1387:
1384:
1381:
1378:
1375:
1372:
1369:
1366:
1363:
1360:
1357:
1354:
1351:
1348:
1345:
1342:
1339:
1336:
1333:
1330:
1327:
1324:
1321:
1318:
1315:
1312:
1309:
1306:
1303:
1300:
1297:
1294:
1288:
1282:
1281:
1262:
1260:
1257:
1256:
1252:
1247:
1244:
1241:
1238:
1234:
1230:
1226:
1221:
1219:
1215:
1211:
1207:
1203:
1199:
1195:
1191:
1187:
1183:
1179:
1175:
1171:
1167:
1163:
1154:
1147:
1142:
1138:
1134:
1131:
1128:
1125:
1121:
1117:
1113:
1109:
1106:
1102:
1099:
1096:
1093:
1090:
1087:
1084:
1079:
1075:
1072:
1069:
1066:
1062:
1059:
1056:
1055:
1049:
1046:
1045:
1040:
1034:
1031:
1030:
1027:
1021:
1018:
1017:
1014:
1008:
1005:
1004:
1001:
996:
991:
985:
982:
981:
977:
974:
971:
968:
965:
962:
959:
956:
953:
950:
947:
944:
941:
938:
935:
932:
929:
926:
923:
920:
917:
914:
911:
908:
905:
902:
899:
896:
893:
890:
887:
884:
878:
872:
871:
852:
850:
847:
846:
842:
837:
834:
832:
824:
820:
816:
812:
809:
805:
801:
798:
794:
790:
786:
782:
778:
774:
771:
767:
763:
762:
761:
759:
755:
751:
747:
743:
742:hash function
739:
735:
731:
722:
715:
710:
706:
702:
698:
694:
690:
687:
684:
680:
676:
673:
670:
666:
662:
658:
654:
651:
650:
649:
647:
643:
642:open standard
638:
636:
632:
628:
624:
620:
616:
615:network layer
612:
608:
605:
601:
593:
591:
589:
585:
580:
578:
574:
570:
566:
562:
558:
553:
551:
547:
543:
539:
535:
531:
527:
523:
515:
513:
511:
507:
503:
499:
495:
491:
487:
483:
479:
475:
471:
466:
464:
460:
456:
453:
449:
448:authenticates
445:
441:
437:
433:
421:
416:
414:
409:
407:
402:
401:
399:
398:
393:
392:
388:
386:
383:
381:
378:
376:
373:
371:
368:
367:
366:
365:
362:
358:
353:
352:
348:
346:
343:
341:
338:
336:
333:
331:
328:
325:
321:
318:
314:
311:
309:
306:
305:
304:
301:
300:
299:
298:
295:
291:
286:
285:
281:
279:
276:
274:
271:
269:
266:
264:
261:
259:
256:
254:
251:
250:
249:
248:
245:
241:
236:
235:
231:
229:
226:
224:
221:
219:
216:
214:
211:
209:
206:
204:
201:
199:
196:
194:
191:
189:
186:
184:
181:
179:
176:
174:
171:
169:
166:
164:
161:
159:
156:
154:
151:
149:
146:
144:
141:
139:
136:
134:
131:
129:
126:
124:
121:
118:
114:
111:
109:
106:
104:
101:
98:
94:
91:
89:
86:
85:
84:
83:
80:
76:
73:
69:
61:
57:
54:
51:
47:
43:
39:
34:
19:
4512:VPN Services
4502:VPN blocking
4460:Risk vectors
4285:
4276:DirectAccess
4171:IETF btns WG
3797:HMAC-SHA-256
3585:
3576:
3567:
3558:
3546:. Retrieved
3542:The Register
3540:
3530:
3518:. Retrieved
3514:The Register
3512:
3502:
3490:. Retrieved
3486:The Register
3484:
3474:
3462:. Retrieved
3459:Ars Technica
3458:
3448:
3413:
3384:
3369:
3354:
3339:
3330:
3321:
3310:. Retrieved
3301:
3290:. Retrieved
3281:
3272:
3236:
3229:
3221:
3216:
3197:
3191:
3172:
3166:
3157:
3113:
3106:
3079:
3072:
3063:
3044:
3038:
3019:
3013:
2982:
2975:
2964:. Retrieved
2959:
2946:
2935:. Retrieved
2930:
2917:
2906:. Retrieved
2901:
2881:
2866:
2855:. Retrieved
2851:the original
2841:
2833:the original
2828:
2809:
2786:
2779:
2760:
2754:
2723:
2682:
2675:
2644:
2637:
2606:
2599:
2586:
2555:
2508:
2467:
2460:
2429:
2422:
2406:
2394:
2386:
2364:
2357:
2348:
2339:
2330:
2321:
2312:
2289:. Retrieved
2285:the original
2274:
2235:
2225:
2194:
2129:
2110:
2098:
2089:side channel
2074:
2059:
2051:
2039:
2024:
2013:
1985:
1971:, where the
1954:
1897:
1843:
1830:
1823:
1807:
1772:
1756:
1748:
1741:
1734:
1724:IP multicast
1721:
1714:
1691:
1664:
1629:
1601:
1588:
1579:
1563:
1557:
1550:Payload data
1549:
1532:
1519:
1500:
1487:
1482:
1463:
1426:Payload data
1425:
1412:
1399:
1258:
1250:
1245:
1242:
1237:encapsulated
1222:
1190:authenticity
1159:
1129:
1111:
1097:
1088:
1082:
1077:
1070:
1057:
1038:
1025:
1012:
999:
994:
989:
848:
840:
835:
828:
756:, using the
727:
640:IPsec is an
639:
627:Secure Shell
598:The initial
597:
587:
581:
554:
549:
519:
489:
485:
482:host-to-host
481:
467:
439:
435:
429:
390:
350:
344:
283:
233:
49:Organization
41:Year started
4653:Mozilla VPN
4423:Shadowsocks
4368:OpenConnect
2313:web.mit.edu
1820:Tunnel mode
1799:translating
1795:application
1764:IPsec Modes
1706:DNS records
1660:session key
1589:Next Header
1558:Next Header
1488:Next Header
1233:tunnel mode
1071:Payload Len
1058:Next Header
995:Payload Len
990:Next Header
781:IP datagram
740:by using a
705:DNS records
4698:Categories
4683:Windscribe
4668:Proton VPN
4663:PrivadoVPN
4617:Ziff Davis
4581:TunnelBear
4555:ExpressVPN
4551:CyberGhost
4534:SecureLine
4398:strongSwan
4388:Social VPN
4077:(historic)
3464:August 19,
3312:2015-10-26
3292:2015-10-26
3220:RFC 2367,
2966:2007-08-13
2937:2007-08-13
2908:2007-07-09
2896:PostScript
2857:2013-08-07
2291:2014-02-18
2175:References
1946:(RFC 8420)
1940:(RFC 6617)
1934:(RFC 4754)
1916:(RFC 4753)
1910:(RFC 3526)
1835:Algorithms
1787:hash value
1731:Keepalives
1669:, where a
1636:algorithms
1604:(variable)
1580:Pad Length
1574:block size
1552:(variable)
1483:Pad Length
1216:-only and
1214:encryption
1206:encryption
617:, such as
506:encryption
361:Link layer
4630:StrongVPN
4607:Surfshark
4602:NordLayer
4418:WireGuard
4358:Libreswan
4353:FreeS/WAN
4136:RFC
4129:RFC
4122:RFC
4115:RFC
4108:RFC
4101:RFC
4094:RFC
4087:RFC
4080:RFC
4069:RFC
4062:RFC
4055:RFC
4048:RFC
4034:RFC
4020:RFC
4013:RFC
4002:RFC
3995:RFC
3988:RFC
3981:RFC
3974:RFC
3967:RFC
3960:RFC
3953:RFC
3946:RFC
3939:RFC
3932:RFC
3925:RFC
3911:RFC
3897:RFC
3890:RFC
3883:RFC
3876:RFC
3869:RFC
3862:RFC
3855:RFC
3848:RFC
3841:RFC
3830:RFC
3823:RFC
3816:RFC
3809:RFC
3802:RFC
3791:RFC
3784:RFC
3777:RFC
3766:RFC
3751:RFC
3744:RFC
3733:RFC
3726:RFC
3719:RFC
3712:RFC
3705:RFC
3698:RFC
3691:RFC
3684:RFC
3677:RFC
3666:RFC
3655:RFC
3648:RFC
3641:RFC
3634:RFC
3627:RFC
3620:RFC
3613:RFC
3606:RFC
2085:backdoors
1863:TripleDES
1805:numbers.
1791:transport
1775:encrypted
1737:keepalive
1535:(32 bits)
1522:(32 bits)
1229:IP packet
1120:monotonic
1115:(32 bits)
1100:(32 bits)
1091:(16 bits)
795:, Flags,
738:integrity
677:provides
665:datagrams
646:protocols
607:OSI model
432:computing
4678:SaferVPN
4625:IPVanish
4403:tcpcrypt
4378:Openswan
4373:OpenIKED
4331:tcpcrypt
4182:Archived
3836:Camellia
3795:: Using
3761:CCM mode
3755:: Using
3264:16935000
3149:18222662
2889:(1996).
2411:Archived
2266:16526652
2164:tcpcrypt
2138:See also
2015:Embedded
1648:ChaCha20
1591:(8 bits)
1582:(8 bits)
1204:through
1089:Reserved
1073:(8 bits)
1060:(8 bits)
1000:Reserved
797:Fragment
542:Motorola
465:(VPNs).
452:encrypts
4673:PureVPN
4658:Mullvad
4597:NordVPN
4590:Tesonet
4564:Zenmate
4383:OpenVPN
4348:FreeLAN
4321:SSL/TLS
4008:Suite B
3672:AES-CBC
3586:No Hats
2077:OpenBSD
2070:Bullrun
2005:Solaris
1965:drivers
1878:AES-CTR
1685:from a
1564:Padding
1479:
1468:
1460:
1449:
1446:
1259:Offsets
1253:format
1223:Unlike
1210:packets
849:Offsets
843:format
750:packets
663:for IP
604:layer 3
530:ARPANET
516:History
474:session
455:packets
391:more...
375:Tunnels
351:more...
284:more...
234:more...
223:TLS/SSL
178:ONC/RPC
115: (
4573:McAfee
4301:L2TPv3
4155:Curlie
3759:(AES)
3670:: The
3440:347988
3438:
3428:
3262:
3252:
3204:
3179:
3147:
3137:
3051:
3026:
2767:
2264:
2254:
1992:ISAKMP
1988:kernel
1789:. The
1656:SHA256
1652:BLAKE2
1571:cipher
1560:field.
800:Offset
534:TCP/IP
218:Telnet
117:HTTP/3
4704:IPsec
4521:Avast
4286:IPsec
4192:IPsec
3739:IKEv2
3436:S2CID
3260:S2CID
3145:S2CID
2956:(PDF)
2927:(PDF)
2414:(PDF)
2403:(PDF)
2262:S2CID
2115:used
2047:IKEv2
2009:Linux
1944:EdDSA
1932:ECDSA
1679:nonce
1283:Octet
1263:Octet
1166:DARPA
873:Octet
853:Octet
588:IPsec
565:DARPA
446:that
440:IPsec
345:IPsec
123:HTTPS
31:IPsec
4648:IVPN
4643:Hola
4413:VTun
4408:tinc
4311:SSTP
4306:PPTP
4296:L2TP
4281:EVPN
4271:DTLS
4138:5996
4131:4835
4124:4718
4117:4306
4110:4305
4103:2409
4096:2407
4089:2406
4082:2401
4071:1828
4064:1827
4057:1826
4050:1825
4036:5406
4022:6467
4015:6380
4004:6379
3997:6071
3990:6027
3983:5930
3976:5856
3969:5387
3962:4809
3955:4621
3948:3715
3941:3706
3934:2412
3927:2367
3913:4478
3899:7634
3892:7427
3885:7383
3878:7321
3871:7296
3864:5858
3857:5857
3850:5723
3843:5685
3832:5529
3825:5386
3818:5282
3811:5280
3804:4945
3793:4868
3786:4806
3779:4555
3768:4543
3753:4309
3746:4308
3735:4307
3728:4304
3721:4303
3714:4302
3707:4301
3700:4106
3693:3948
3686:3947
3679:3686
3668:3602
3657:3526
3650:2857
3643:2451
3636:2410
3629:2405
3622:2404
3615:2403
3608:1829
3550:2016
3522:2016
3494:2016
3466:2016
3426:ISBN
3250:ISBN
3202:ISBN
3177:ISBN
3135:ISBN
3098:3129
3049:ISBN
3024:ISBN
3005:4303
2988:IETF
2829:IANA
2805:4949
2765:ISBN
2746:4025
2729:IETF
2705:4430
2688:IETF
2667:4306
2650:IETF
2629:2409
2612:IETF
2590:The
2578:4302
2561:IETF
2531:2402
2514:IETF
2490:4308
2473:IETF
2452:2411
2435:IETF
2383:4301
2252:ISBN
2240:IEEE
2217:2406
2200:IETF
2087:and
2035:IPv4
2031:IPv6
2027:IPv6
1914:ECDH
1890:and
1876:and
1872:AES-
1857:SHA2
1853:SHA1
1849:HMAC
1803:port
1801:the
1793:and
1722:For
1613:IPv4
1609:IPv6
1512:...
1509:...
1504:...
1497:...
1494:...
1476:...
1473:...
1457:...
1454:...
1443:...
1440:...
1435:...
1432:...
1182:NIST
1178:SP3D
1170:IETF
1141:IPv4
1137:IPv6
1050:...
1047:...
1042:...
819:DSCP
815:IPv6
806:and
785:DSCP
777:IPv4
770:IPv6
766:IPv4
659:and
625:and
600:IPv4
582:The
569:IETF
546:NIST
450:and
340:IGMP
320:ICMP
278:QUIC
273:RSVP
268:SCTP
263:DCCP
228:XMPP
208:SNMP
203:SMTP
188:RTSP
163:OSPF
153:NNTP
148:MQTT
143:MGCP
138:LDAP
128:IMAP
113:HTTP
93:DHCP
44:1996
4529:HMA
4363:n2n
4291:L2F
4153:at
4075:MD5
3418:doi
3242:doi
3127:hdl
3119:doi
3095:RFC
3085:doi
3002:RFC
2992:doi
2802:RFC
2792:doi
2743:RFC
2733:doi
2702:RFC
2692:doi
2664:RFC
2654:doi
2626:RFC
2616:doi
2575:RFC
2565:doi
2528:RFC
2518:doi
2487:RFC
2477:doi
2449:RFC
2439:doi
2380:RFC
2370:doi
2244:doi
2214:RFC
2204:doi
2007:or
1996:IKE
1938:PSK
1927:RSA
1888:GCM
1884:AES
1874:CBC
1867:CBC
1814:RFC
1654:or
1646:or
1644:AES
1422:64
1409:32
1388:31
1385:30
1382:29
1379:28
1376:27
1373:26
1370:25
1367:24
1364:23
1361:22
1358:21
1355:20
1352:19
1349:18
1346:17
1343:16
1340:15
1337:14
1334:13
1331:12
1328:11
1325:10
1289:Bit
1174:ESP
1035:96
1022:64
1009:32
978:31
975:30
972:29
969:28
966:27
963:26
960:25
957:24
954:23
951:22
948:21
945:20
942:19
939:18
936:17
933:16
930:15
927:14
924:13
921:12
918:11
915:10
879:Bit
823:ECN
813:In
804:TTL
793:ECN
789:ToS
775:In
764:In
748:IP
609:or
577:MIT
561:BSD
538:NSA
430:In
385:MAC
380:PPP
370:ARP
335:ECN
330:NDP
258:UDP
253:TCP
213:SSH
198:SIP
193:RIP
183:RTP
173:PTP
168:POP
158:NTP
133:IRC
108:FTP
103:DNS
88:BGP
4700::
4329::
4006::
3584:.
3566:.
3539:.
3511:.
3483:.
3457:.
3434:.
3424:.
3412:.
3399:^
3329:.
3258:.
3248:.
3143:.
3133:.
3125:.
3093:.
3083:.
3000:.
2990:.
2986:.
2958:.
2929:.
2900:.
2827:.
2816:^
2800:.
2741:.
2731:.
2727:.
2713:^
2700:.
2690:.
2686:.
2662:.
2652:.
2648:.
2624:.
2614:.
2610:.
2573:.
2563:.
2559:.
2539:^
2526:.
2516:.
2512:.
2498:^
2485:.
2475:.
2471:.
2447:.
2437:.
2433:.
2409:.
2405:.
2385:.
2378:.
2347:.
2329:.
2311:.
2300:^
2260:.
2250:.
2238:.
2234:.
2212:.
2202:.
2198:.
2182:^
2134:.
1662:.
1538:A
1419:8
1406:4
1396:0
1393:0
1322:9
1319:8
1316:7
1313:6
1310:5
1307:4
1304:3
1301:2
1298:1
1295:0
1291:10
1285:16
1278:3
1275:2
1272:1
1269:0
1265:16
1196:,
1118:A
1032:C
1019:8
1006:4
986:0
983:0
912:9
909:8
906:7
903:6
900:5
897:4
894:3
891:2
888:1
885:0
881:10
875:16
868:3
865:2
862:1
859:0
855:16
833:.
821:,
802:,
791:,
695:,
637:.
512:.
500:,
434:,
324:v6
313:v6
308:v4
303:IP
97:v6
4333:)
4325:(
4247:e
4240:t
4233:v
3741:)
3570:.
3552:.
3524:.
3496:.
3468:.
3442:.
3420::
3393:.
3378:.
3363:.
3348:.
3333:.
3315:.
3295:.
3266:.
3244::
3210:.
3185:.
3151:.
3129::
3121::
3100:.
3087::
3057:.
3032:.
3007:.
2994::
2969:.
2940:.
2911:.
2898:)
2894:(
2860:.
2807:.
2794::
2773:.
2748:.
2735::
2707:.
2694::
2669:.
2656::
2631:.
2618::
2580:.
2567::
2533:.
2520::
2492:.
2479::
2454:.
2441::
2372::
2351:.
2333:.
2315:.
2294:.
2268:.
2246::
2219:.
2206::
1994:/
1886:-
1865:-
1855:/
1851:-
1615:.
1598:.
1143:.
1067:.
810:.
787:/
671:.
438:(
419:e
412:t
405:v
326:)
322:(
119:)
99:)
95:(
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.