nanog mailing list archives
Re: IPv6, IPSEC and DoS
From: Iljitsch van Beijnum <iljitsch () muada com>
Date: Sun, 2 Jan 2005 11:20:11 +0100
On 1-jan-05, at 22:20, Rob Thomas wrote:
] But as long as people get to snif your packets, you're dead in the ] water unless you use IPsec.
The same is often said about SSL for web transactions. This is why keystroke loggers are so popular in bots and other malware. The point is that folks shouldn't assume that encrypted packets keep them safe. Encryption != security.
Well, then use IPsec between your keyboard and the host. :-) And IPsec != encryption.Obviously there are many ways to be insecure even if you use IPsec, but my point is that if someone can snif your packets, they always get to break your sessions unless you use IPsec (or TCP MD5). Even SSL doesn't do you any good since it sits on top of TCP which leaves TCP vulnerable. SSL however will make sure that IF your session stays up whatever data makes it through hasn't been modified and even if sniffed, the clear text isn't available to others.
Current thread:
- IPv6, IPSEC and DoS J. Oquendo (Dec 31)
- Re: IPv6, IPSEC and DoS Christopher L. Morrow (Dec 31)
- Re: IPv6, IPSEC and DoS Iljitsch van Beijnum (Jan 01)
- Re: IPv6, IPSEC and DoS Rob Thomas (Jan 01)
- Re: IPv6, IPSEC and DoS Iljitsch van Beijnum (Jan 02)
- Re: IPv6, IPSEC and DoS Valdis . Kletnieks (Jan 01)
- Re: IPv6, IPSEC and DoS Iljitsch van Beijnum (Jan 02)
- Re: IPv6, IPSEC and DoS Valdis . Kletnieks (Jan 02)
- Re: IPv6, IPSEC and DoS Rob Thomas (Jan 01)
- <Possible follow-ups>
- Re: IPv6, IPSEC and DoS J. Oquendo (Jan 03)
- Re: IPv6, IPSEC and DoS Iljitsch van Beijnum (Jan 03)
- Re: IPv6, IPSEC and DoS David Barak (Jan 03)
- Re: IPv6, IPSEC and DoS Joe Abley (Jan 03)
- Re: IPv6, IPSEC and DoS David Barak (Jan 03)
- Re: IPv6, IPSEC and DoS Christopher L. Morrow (Jan 03)
- Re: IPv6, IPSEC and DoS Sean Donelan (Jan 03)
- Re: IPv6, IPSEC and DoS Iljitsch van Beijnum (Jan 03)