[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Deprecation of AH header from the IPSEC tool kit

To: Mailing List <OSPF@DISCUSS.MICROSOFT.COM>
Subject: Re: Deprecation of AH header from the IPSEC tool kit
From: RJ Atkinson <rja@inet.org>
Date: Mon, 19 Jun 2000 22:32:19 -0400
Cc: isis-wg@juniper.net, ipsec@lists.tislabs.com
In-Reply-To: <200006192326.TAA03469@bcn.East.Sun.COM>
Sender: owner-ipsec@lists.tislabs.com

At 19:26 19/06/00 , Radia Perlman - Boston Center for Networking wrote:

>What's the threat solved by authenticating the source route header
>at intermediate points? What would be the problem if a packet
>showed up at the destination, not having traversed the route
>you wanted? 

         There are a variety of specific attacks facilitated by forged or
improperly modified source routing headers.  I'm sure you can think
of several.

         I never ever provide cookbook information about specific threats
or attack mechanisms in public mailing lists or public meetings.
Some folks find this frustrating, but I have always and will always 
operate this way.

Ran
rja@inet.org

References:

Re: [Isis-wg] Re: Deprecation of AH header from the IPSEC tool kit

From: Radia Perlman - Boston Center for Networking <Radia.Perlman@East.Sun.COM>

Prev by Date: Re: [Isis-wg] Re: Deprecation of AH header from the IPSEC tool kit
Next by Date: IKE Delete message
Prev by thread: Re: [Isis-wg] Re: Deprecation of AH header from the IPSEC tool kit
Next by thread: Re: [Isis-wg] Re: Deprecation of AH header from the IPSEC tool kit
Index(es):
- Main
- Thread