
Re: Is "Denial Of Service attack" a security issue?



At 09:07 AM 5/26/00 -0700, you wrote:
>David Chen wrote:
> >
> > Since IPSec, especially IKE, is not DoS attack resistant,
> > what security level is IPSec trying to achieve?
> > Shall this be documented in the RFC for the scope/capability of
> > security level?
> > Or let the user find out later? (i.e. being attacked)
> > --- David
>
>While there are DoS issues in IKE that may be remedied by modifications,
>I think that a device which is capable of wireline-speed processing is
>effectively immune to most of these. In the case where an attacker is
>capable of saturating the medium with packets, there are other remedies.
>
>I think there was consensus in Adelaide that IKE could benefit from some
>revisions, although it's not clear how much revision the ADs will
>permit at this point. If you have specific suggestions for bolstering
>IKE in terms of DoS attacks, I certainly would be interested in hearing
>them.
>
>One such suggestion has already been documented in a draft (IKE base
>mode).

Are you referring to the "cookies" solution that was killed by Simpson's draft?



>Scott


