Through the COVID-19 pandemic, the number of clients using Virtual Private Network (VPN) has dramatically increased. Consequently, VPN vulnerabilities have become target points to be exploited by attackers. However, studies have been released to defend against such attacks with the purpose of securing VPN. Nevertheless, attacks with high sophistication still target VPNs to comprise the critical data being communicated. VPN servers use protocols to secure connections with clients. However, these protocols are still targeted specifically with Denial-of-Service (DoS) attacks. This paper analyzes and treats the vulnerability of key negotiation process in the main mode as well as aggressive mode of Internet Key Exchange (IKE) protocol in IP Security (IPsec) VPN. We demonstrate experiments of a DoS attack based on Open Shortest Path First (OSPF) protocol adjacent route spoofing. Thereafter, we propose a method to tackle those attacks through exploiting the Suricata as an Intrusion Detection System (IDS) in defending the VPN against DoS attacks.

عنوان المؤتمر

2021 International Conference on Innovation and Intelligence for Informatics, Computing, and Technologies (3ICT)

دولة المؤتمر

فلسطين

تاريخ المؤتمر

29 سبتمبر، 2021 - 30 سبتمبر، 2021

راعي المؤتمر

IEEE