North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: IPv6, IPSEC and DoS

  • From: David Barak
  • Date: Mon Jan 03 11:12:56 2005
  • Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; b=fnfJ92zv48281RV5ooqnq9sl9Er9y4WKMqysRsGtTVxH2un+g2gj2HT+1WGIuaMWZq545ud2q1TYcnnJvJIi7I5eUGfeRG50U3i7UkmG/1HGgzVpOU8Rzi6i0KB/r4uCAlgCFE0y1h09dgyZWYekOkJpe0T9BTwqrL9+rcs0g0Q= ;

--- Iljitsch van Beijnum <[email protected]> wrote:

> If you can then enforce the port->MAC->IP mappings
> you're pretty much 
> bullet proof. I know there are switches that can
> handle the port->MAC 
> part. An alternative for the MAC->IP part would be
> the TCP MD5 option 
> or IPsec.
> 
> 

I guess it's true that everything old is new again:
isn't this effectively circuit-switching?  If you're
dedicating network elements to particular hosts in a
non-dynamic manner, doesn't that make your
infrastructure effectively a PBX, where moving
{device} from one room to the next requires a a
technician's assistance?

-David Barak


=====
David BarakNeed Geek Rock?  Try The Franchise.


		
__________________________________ 
Do you Yahoo!? 
Take Yahoo! Mail with you! Get it on your mobile phone. 
http://mobile.yahoo.com/maildemo