[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKE transport (was INITIAL-CONTACT issues)

To: Dan McDonald <danmcd@Eng.Sun.Com>
Subject: Re: IKE transport (was INITIAL-CONTACT issues)
From: "Derrell D. Piper" <ddp@network-alchemy.com>
Date: Fri, 14 May 1999 14:58:55 -0700
cc: pkoning@xedia.com (Paul Koning), ipsec@lists.tislabs.com
In-reply-to: Your message of "Fri, 14 May 1999 13:25:39 PDT." <199905142026.NAA24829@kebe.Eng.Sun.COM>
Sender: owner-ipsec@lists.tislabs.com

RE: TCP/UDP/DoS

Denial-of-service is such a slipery slope.  If you want to actively attack
IKE, just eat the last packet of Main Mode or Quick Mode...  Dan's right in
that using TCP only changes the problem set.  It doesn't solve anything other
than by providing a fairly high-cost keepalive mechanism.

Derrell

References:

Re: IKE transport (was INITIAL-CONTACT issues)

From: Dan McDonald <danmcd@Eng.Sun.Com>

Prev by Date: RE: ISP's who assign unrouteable addresses
Next by Date: RE: IKE transport (was INITIAL-CONTACT issues)
Prev by thread: Re: IKE transport (was INITIAL-CONTACT issues)
Next by thread: RE: IKE transport (was INITIAL-CONTACT issues)
Index(es):
- Main
- Thread