ipsec November 2007 archive
Main Archive Page > Month Archives  > ipsec archives
ipsec: [IPsec] IKEv2 - possible attack from legitimate node(s)?

[IPsec] IKEv2 - possible attack from legitimate node(s)?

From: Hisyam F. <f_hisyam_at_nospam>
Date: Tue Nov 27 2007 - 04:07:42 GMT
To: ipsec@ietf.org

Hi, I'm relatively new to IPsec. I would like to ask regarding the DoS protection in IPsec. Based on the IKEv2 standard, there is an anti-clogging mechanism via "cookie" notification in Notify payload which prevent DoS attack on message echange (i.e.,phase 1). It seems that the DoS attack is assumed to have or mounted from spoof IP address. In that sense, I would like to know whether IPsec (especially the IKEv2) contains any protection from legitimate node(s) (as an example DDoS)? In addition, is this type of attack feasible on IKEv2? Thanks. ___________________________________________________________ Yahoo! Answers - Got a question? Someone out there knows the answer. Try it now. http://uk.answers.yahoo.com/

_______________________________________________ IPsec mailing list