[IPsec] IKEv2 - possible attack from legitimate node(s)?

Hi, I'm relatively new to IPsec. I would like to ask regarding the DoS protection in IPsec. Based on the IKEv2 standard, there is an anti-clogging mechanism via "cookie" notification in Notify payload which prevent DoS attack on message echange (i.e.,phase 1). It seems that the DoS attack is assumed to have or mounted from spoof IP address. In that sense, I would like to know whether IPsec (especially the IKEv2) contains any protection from legitimate node(s) (as an example DDoS)? In addition, is this type of attack feasible on IKEv2? Thanks. ___________________________________________________________ Yahoo! Answers - Got a question? Someone out there knows the answer. Try it now. http://uk.answers.yahoo.com/

_______________________________________________ IPsec mailing list
IPsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec

• This message: [ Message body ]
• Next message: Inger.Bohlbro_at_nospam: "RE: [IPsec] Use of SPD in verifying incoming packets"
• Previous message: Tero Kivinen: "Re: [IPsec] CHILD_SA and PFS"
• Next in thread: Yoav Nir: "Re: [IPsec] IKEv2 - possible attack from legitimate node(s)?"
• Reply: Yoav Nir: "Re: [IPsec] IKEv2 - possible attack from legitimate node(s)?"
• Maybe reply: Hisyam F.: "Re: [IPsec] IKEv2 - possible attack from legitimate node(s)?"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]