[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ipsec in tunnel mode and dynamic routing
In message <sjm7ksmk0g1.fsf@benjamin.ihtfp.org>, Derek Atkins writes:
>If all you want is to use IPsec for packet encryption and don't care
>about access control, this should suffice. However you wont get
>source-address verification of packets.
>
It's not source address verification I'm concerned about, it's
connection hijacking and DOSing.
--Steve Bellovin, http://www.research.att.com/~smb
Full text of "Firewalls" book now at http://www.wilyhacker.com
Follow-Ups: