On Thu, Feb 17, 2000 at 01:16:54AM -0800, Philip J. Koenig wrote: > Seems to me that the packet-authentication aspect of IPv6 > would go a long way toward making sure you can track the > source of packets too. But IKE (IPSEC's key exchange component) has denial-of-service problems of its own. You can overload an IKE server easily. The end-result is the same: no Internet dialtone. Some proposals to mitigate IKE attacks do exist, but they all have drawbacks. Ge' -- - Ge' Weijers Voice: (614)326 4600 Progressive Systems, Inc. FAX: (614)326 4601 2000 West Henderson Rd. Suite 400, Columbus OH 43220
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:05:13 PDT