[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ipsec in tunnel mode and dynamic routing

To: Derek Atkins <warlord@mit.edu>
Subject: Re: ipsec in tunnel mode and dynamic routing
From: "Steven M. Bellovin" <smb@research.att.com>
Date: Mon, 19 Nov 2001 14:49:41 -0500
Cc: Lars Eggert <larse@ISI.EDU>, Ricky Charlet <rcharlet@redcreek.com>, Giaretta Gerardo <Gerardo.Giaretta@TILAB.COM>, ipsec@lists.tislabs.com, xbone@ISI.EDU
Sender: owner-ipsec@lists.tislabs.com

In message <sjm7ksmk0g1.fsf@benjamin.ihtfp.org>, Derek Atkins writes:
>If all you want is to use IPsec for packet encryption and don't care
>about access control, this should suffice.  However you wont get
>source-address verification of packets.
>

It's not source address verification I'm concerned about, it's 
connection hijacking and DOSing.

		--Steve Bellovin, http://www.research.att.com/~smb
		Full text of "Firewalls" book now at http://www.wilyhacker.com

Follow-Ups:

Re: ipsec in tunnel mode and dynamic routing

From: Derek Atkins <warlord@mit.edu>

Prev by Date: Re: ipsec in tunnel mode and dynamic routing
Next by Date: IKEv2 (son-of-ike) draft
Prev by thread: Re: ipsec in tunnel mode and dynamic routing
Next by thread: Re: ipsec in tunnel mode and dynamic routing
Index(es):
- Main
- Thread