North American Network Operators Group
Re: key change for TCP-MD5
- From: Roland Dobbins
- Date: Fri Jun 23 18:06:54 2006
On Jun 23, 2006, at 2:02 PM, Bora Akyol wrote:
> If your IPSEC is being done in hardware and you have appropriate QoS
> mechanisms in your network, you will probably not be able to pass
> your best effort traffic but the rest should be OK.
Unless the DoS is within the IPSEC tunnel and crowds out the good
traffic.
;>
Your original post seemed to imply that IPSEC is an anti-DoS
mechanism, as does the statement 'If you pay attention to detail, it
does help.' IPSEC is not an anti-DoS mechanism at all, it's
important to be clear about that.
----------------------------------------------------------------------
Roland Dobbins <[email protected]> // 408.527.6376 voice
Everything has been said. But nobody listens.
-- Roger Shattuck