Firewall Wizards mailing list archives

Re: Recent Attacks

From: "Ge' Weijers" <ge () progressive-systems com>
Date: Fri, 18 Feb 2000 17:08:03 -0700

On Thu, Feb 17, 2000 at 01:16:54AM -0800, Philip J. Koenig wrote:

Seems to me that the packet-authentication aspect of IPv6
would go a long way toward making sure you can track the
source of packets too.


But IKE (IPSEC's key exchange component) has denial-of-service
problems of its own. You can overload an IKE server easily. The
end-result is the same: no Internet dialtone.

Some proposals to mitigate IKE attacks do exist, but they all have
drawbacks.

Ge'

-- 
-
Ge' Weijers                                Voice: (614)326 4600
Progressive Systems, Inc.                    FAX: (614)326 4601
2000 West Henderson Rd. Suite 400, Columbus OH 43220

Current thread:

Re: Recent Attacks, (continued)
- - - Re: Recent Attacks Philip J. Koenig (Feb 16)
    - Re: Recent Attacks Ryan Russell (Feb 17)
    - Re: Recent Attacks David A. Wagner (Feb 21)
    - Message not available
    - Re: Recent Attacks Marcus J. Ranum (Feb 17)
    - Re: Recent Attacks Ryan Russell (Feb 18)
    - Re: Recent Attacks Terry Lee Moore (Feb 15)
    - Re: Recent Attacks Marcus J. Ranum (Feb 16)
    - Re: Recent Attacks Bennett Todd (Feb 16)
    - Re: Recent Attacks Philip J. Koenig (Feb 17)
    - Re: Recent Attacks Reverend Chris Cappuccio (Feb 17)
    - Re: Recent Attacks Ge' Weijers (Feb 19)
    - Re: Recent Attacks Malcolm Holser (Feb 17)
    - Re: Recent Attacks Brad Van Orden (Feb 17)
    - Re: Recent Attacks Philip J. Koenig (Feb 17)
    - Message not available
    - Re: Recent Attacks David LeBlanc (Feb 17)
    - Re: Recent Attacks Philip J. Koenig (Feb 17)
    - Re: Recent Attacks Ryan Russell (Feb 19)
    - Message not available
    - Re: Recent Attacks David LeBlanc (Feb 19)
    - Message not available
    - Re: Recent Attacks David LeBlanc (Feb 19)
    - Re: Recent Attacks Ryan Russell (Feb 19)
    - Re: Recent Attacks Philip J. Koenig (Feb 23)

(Thread continues...)