Heuristics for Detecting ESP-NULL Packets
RFC 5879, “Heuristics for Detecting ESP-NULL Packets”, is an Informational document published in May 2010 by T. Kivinen and D. McDonald. The canonical text is published by the RFC Editor.
Abstract
This document describes a set of heuristics for distinguishing IPsec ESP-NULL (Encapsulating Security Payload without encryption) packets from encrypted ESP packets. These heuristics can be used on intermediate devices, like traffic analyzers, and deep-inspection engines, to quickly decide whether or not a given packet flow is encrypted, i.e., whether or not it can be inspected. Use of these heuristics does not require any changes made on existing IPsec hosts that are compliant with RFC 4303. This document is not an Internet Standards Track specification; it is published for informational purposes.
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 5879 is hosted at rfc-editor.org. Available in TXT, HTML.
- RFC 5878 Transport Layer Security Authorization Extensions
- RFC 5880 Bidirectional Forwarding Detection
- RFC 5877 The application/pkix-attr-cert Media Type for Attribute Certificates
- RFC 5881 Bidirectional Forwarding Detection for IPv4 and IPv6
- RFC 5876 Updates to Asserted Identity in the Session Initiation Protocol
- RFC 5882 Generic Application of Bidirectional Forwarding Detection
- RFC 5875 An Extensible Markup Language Configuration Access Protocol Diff Event Package
- RFC 5883 Bidirectional Forwarding Detection for Multihop Paths