Firewall Wizards mailing list archives

IKE DoS (a little off-topic)


From: Neil Buckley <nwbuckley () mediaone net>
Date: Wed, 01 Mar 2000 21:06:04 -0500

Sorry if this is a duplicate message, I sent it last week but didn't see
it post to the list 8)

Someone had made mention that the IKE process in IPSec could fall prey
to some basic DoS type attacks.  Since I have been involved in a large
VPN deployment I was interested in determining exactly what attacks have
occurred and how the risk can be mitigated.  Is the attack a theory?
I.e., one "could" flood the tunnel termination point with bogus requests
ultimately running it out of resources, or have there been actual
situations where this type of attack was successfully used?

So far my search has produced little data, I have read the RFC and the
token that was implemented as a throttling mechanism for such an attack,
but I have yet to find any hard core evidence that suggests IKE is
susceptible to a basic DoS and if it is how do you reduce the risk of
falling victim to it.

Does anyone have any thoughts or pointers related to this subject?

Thanks,

--Neil


