|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: IPv6, IPSEC and deep packet inspection
On Fri, Dec 31, 2004 at 05:32:24PM +0000, Sam Stickland wrote: > Since IPSEC is an integral part of IPv6 won't this have an affect on the > deep packet inspection firewalls? Is this type of inspection expected to > work in IPv6? Well it will work as good as the Virus-Scanning on Firewalls, when you use a SSL website. > Perhaps using some kind of NAP the firewall is allowed to speak on behalf > of the host(s) it firewalls, so that to the client it appears to be the > firewall itself appears to be the IPSEC endpoint? If the IPSEC implementation allows that it is seriously broken. You are proposing the firewall to run a man in the middle attack. Nils
|