Re: IKE
On Wed, 10 May 2000 Franck.Le@nokia.com wrote:
> Since the first messages are sent in clear mode and without any
> authentication, can't a Bad Guy modify, for example, the SA payload? That can
> lead to a denial of service.

There is ultimately no way to protect against denial-of-service attacks by
a man in the middle -- he can just change all your packets to random
garbage, thus preventing communications completely.

The most you can do is to prevent him from impersonating a legitimate party
to the communications, which is why IKE has assorted authentication methods
(preshared key, public-key signatures, etc etc.).

Henry Spencer
henry@spsystems.net
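
Added example, not part of the original message: a Python sketch of the preshared-key HASH_I check defined in RFC 2409, showing that an SA payload altered in transit, or a peer that lacks the key, makes authentication fail, so the exchange is aborted rather than silently accepted. HMAC-SHA1 as the prf and every field value below are assumptions constructed for illustration.

```python
import hashlib
import hmac


def prf(key: bytes, data: bytes) -> bytes:
    # IKEv1 prf; HMAC-SHA1 is assumed here as the negotiated hash.
    return hmac.new(key, data, hashlib.sha1).digest()


def hash_i(psk: bytes, f: dict) -> bytes:
    # RFC 2409, preshared-key authentication:
    #   SKEYID = prf(pre-shared-key, Ni_b | Nr_b)
    #   HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b)
    skeyid = prf(psk, f["Ni"] + f["Nr"])
    return prf(skeyid, f["g_xi"] + f["g_xr"] + f["CKY_I"] + f["CKY_R"]
               + f["SAi_b"] + f["IDii_b"])


def responder_accepts(psk: bytes, seen: dict, received_hash: bytes) -> bool:
    # The responder recomputes HASH_I over the fields as it received them.
    return hmac.compare_digest(hash_i(psk, seen), received_hash)


# Constructed sample values; these are not real IKE payload encodings.
PSK = b"constructed-preshared-key"
SENT = {
    "Ni": b"\x01" * 16, "Nr": b"\x02" * 16,          # nonces
    "g_xi": b"\x03" * 128, "g_xr": b"\x04" * 128,    # DH public values
    "CKY_I": b"\x05" * 8, "CKY_R": b"\x06" * 8,      # cookies
    "SAi_b": b"constructed SA payload body, as sent",
    "IDii_b": b"constructed initiator identity",
}


def run_cases() -> dict:
    honest = hash_i(PSK, SENT)
    # What the responder saw if the clear-text SA payload was altered in transit.
    altered = dict(SENT, SAi_b=b"constructed SA payload body, altered")
    return {
        "untouched": responder_accepts(PSK, SENT, honest),
        "sa_modified": responder_accepts(PSK, altered, honest),
        "peer_without_key": responder_accepts(PSK, SENT, hash_i(b"wrong", SENT)),
    }


if __name__ == "__main__":
    for case, accepted in run_cases().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```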