nanog mailing list archives
Re: IPv6, IPSEC and DoS
From: David Barak <thegameiam () yahoo com>
Date: Mon, 3 Jan 2005 08:11:48 -0800 (PST)
--- Iljitsch van Beijnum <iljitsch () muada com> wrote:
If you can then enforce the port->MAC->IP mappings you're pretty much bullet proof. I know there are switches that can handle the port->MAC part. An alternative for the MAC->IP part would be the TCP MD5 option or IPsec.
I guess it's true that everything old is new again:
isn't this effectively circuit-switching? If you're
dedicating network elements to particular hosts in a
non-dynamic manner, doesn't that make your
infrastructure effectively a PBX, where moving
{device} from one room to the next requires a a
technician's assistance?
-David Barak
=====
David BarakNeed Geek Rock? Try The Franchise.
__________________________________
Do you Yahoo!?
Take Yahoo! Mail with you! Get it on your mobile phone.
http://mobile.yahoo.com/maildemo
Current thread:
- IPv6, IPSEC and DoS J. Oquendo (Dec 31)
- Re: IPv6, IPSEC and DoS Christopher L. Morrow (Dec 31)
- Re: IPv6, IPSEC and DoS Iljitsch van Beijnum (Jan 01)
- Re: IPv6, IPSEC and DoS Rob Thomas (Jan 01)
- Re: IPv6, IPSEC and DoS Iljitsch van Beijnum (Jan 02)
- Re: IPv6, IPSEC and DoS Valdis . Kletnieks (Jan 01)
- Re: IPv6, IPSEC and DoS Iljitsch van Beijnum (Jan 02)
- Re: IPv6, IPSEC and DoS Valdis . Kletnieks (Jan 02)
- Re: IPv6, IPSEC and DoS Rob Thomas (Jan 01)
- <Possible follow-ups>
- Re: IPv6, IPSEC and DoS J. Oquendo (Jan 03)
- Re: IPv6, IPSEC and DoS Iljitsch van Beijnum (Jan 03)
- Re: IPv6, IPSEC and DoS David Barak (Jan 03)
- Re: IPv6, IPSEC and DoS Joe Abley (Jan 03)
- Re: IPv6, IPSEC and DoS David Barak (Jan 03)
- Re: IPv6, IPSEC and DoS Christopher L. Morrow (Jan 03)
- Re: IPv6, IPSEC and DoS Sean Donelan (Jan 03)
- Re: IPv6, IPSEC and DoS Todd Vierling (Jan 03)
- Re: IPv6, IPSEC and DoS Iljitsch van Beijnum (Jan 03)