
Re: Is "Denial Of Service attack" a security issue?



Since IPSec, especially IKE, is not DoS attack resistant,
what security level is IPSec trying to achieve?
Shall this be documented in the RFC for the scope/capability of the
security level?
Or let the user find out later (i.e., by being attacked)?
--- David


At 09:32 PM 5/25/00 -0400, you wrote:


>Yes, DoS attacks are all security related and yes there
>has been a tendency in all systems to spend a lot of time
>in the weeds on bits and bytes and not on obvious system
>availability issues.  Yes, IPSec, and in particular, the
>ISAKMP UDP mechanism has been documented as a future
>easily 'script kiddied' attack.  And yes, these types
>of attacks are very difficult to stop, and yes, it has
>been discussed here and elsewhere, and yes, in all likelihood
>IPSec will suffer from future DoS attacks as the protocol
>implementation becomes more widespread and yes, no systems
>can be made 100 percent secure, and yes, all deployment
>and fielding issues are based on a risk management method,
>and yes, when the benefits outweigh the risks things move
>forward, and yes, for the vast majority of IPSec implementations
>the DoS risk is acceptable, and yes there are operational
>systems where the risk criteria are not acceptable and yes
>these are business case issues which orgs will decide based
>on their operational model.
>
>In a nutshell.  IPSec is not perfect, but it is pretty
>darn good and much better than no-IPsec.
>
>
>-Neo
> >
> > If no, the IPSec is not "safe".
> > --- David
> >
>
>
>--
>
>---------------------------
>The Y2K Feature:
>
>A way of remaining in the 20th century for a little
>longer ..... 19 - 100 ... a feature, not a bug :)

========================================
David Chen
Indus River Networks, Inc.
www.indusriver.com
31 Nagog Park
Acton, MA 01720
U.S.A.
dchen@indusriver.com
(978) 266-8141
========================================

