[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: isakmp cookies field
In message <20010806204824B.sakane@kame.net>, Shoichi Sakane writes:
>could anybody tell me what the benefit of the isakmp cookie field is ?
>i think the cookie indicates just isakmp spi. does it have any function
>to prevent from dos attack ?
It does not prevent simple resource starvation attacks. You might
want to read Bill Simpson's "IKE/ISAKMP considered harmful" about that.
You can find the article at
http://www.usenix.org/publications/login/1999-12/features/harmful.html
Greetings,
Niels.