23 Jun
2006
23 Jun
'06
4:35 p.m.
-----Original Message----- From: Barry Greene (bgreene) [mailto:bgreene@cisco.com] Sent: Friday, June 23, 2006 11:50 AM To: Bora Akyol; Ross Callon; nanog@merit.edu Subject: RE: key change for TCP-MD5
If DOS is such a large concern, IPSEC to an extent can be used to mitigate against it. And IKEv1/v2 with IPSEC is not the horribly inefficient mechanism it is made out to be. In practice, it is quite easy to use.
IPSEC does nothing to protect a network device from a DOS attack. You know that.
Barry The validity of your statement depends tremendously on how IPSEC is implemented. Bora