-----Original Message----- From: Barry Greene (bgreene) [mailto:bgreene@cisco.com] Sent: Friday, June 23, 2006 11:50 AM To: Bora Akyol; Ross Callon; nanog@merit.edu Subject: RE: key change for TCP-MD5
If DOS is such a large concern, IPSEC to an extent can be used to mitigate against it. And IKEv1/v2 with IPSEC is not the horribly inefficient mechanism it is made out to be. In practice, it is quite easy to use.
IPSEC does nothing to protect a network device from a DOS attack. You know that.
Barry The validity of your statement depends tremendously on how IPSEC is implemented. Bora
On Fri, 23 Jun 2006 13:35:20 PDT, Bora Akyol said:
The validity of your statement depends tremendously on how IPSEC is implemented.
If 113 million packets all show up at once, you're going to get DoS'ed, whether or not you have IPSEC enabled.
participants (2)
-
Bora Akyol
-
Valdis.Kletnieks@vt.edu