[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: isakmp cookies field

To: Shoichi Sakane <sakane@kame.net>
Subject: Re: isakmp cookies field
From: Niels Provos <provos@citi.umich.edu>
Date: Tue, 07 Aug 2001 07:24:48 -0400
Cc: ipsec@lists.tislabs.com
In-Reply-To: Shoichi Sakane, Mon, 06 Aug 2001 20:48:24 +0900
Sender: owner-ipsec@lists.tislabs.com

In message <20010806204824B.sakane@kame.net>, Shoichi Sakane writes:
>could anybody tell me what the benefit of the isakmp cookie field is ?
>i think the cookie indicates just isakmp spi.  does it have any function
>to prevent from dos attack ?
It does not prevent simple resource starvation attacks.  You might
want to read Bill Simpson's "IKE/ISAKMP considered harmful" about that.
You can find the article at

  http://www.usenix.org/publications/login/1999-12/features/harmful.html

Greetings,
 Niels.

Prev by Date: problems in manual keying
Next by Date: Position of certificate payload in IKE Aggressive Mode as Initiator
Next by thread: I-D ACTION:draft-ietf-ipsec-ike-lifetime-00.txt
Index(es):
- Main
- Thread