[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

HIP firewalling

To: "Ayyasamy, Senthilkumar (UMKC-Student)" <saq66@umkc.edu>
Subject: HIP firewalling
From: Pekka Nikander <pekka.nikander@nomadiclab.com>
Date: Mon, 16 Feb 2004 13:28:11 +0200
Cc: Multi6 List <multi6@ops.ietf.org>, hipsec@honor.trusecure.com
In-reply-to: <5EF7D95E17BDAD4A968C812E5ABC390B011082BC@KC-MAIL4.kc.umkc.edu>
References: <5EF7D95E17BDAD4A968C812E5ABC390B011082BC@KC-MAIL4.kc.umkc.edu>

Senthil,

As a side note, how is HIP going to allow port blocking? Will it avoid
worm attacks by its puzzle mechanism. I don't think it is possible (but
it can reduce its spawning speed.)


You can build a HIP firewall that uses HIs as the level of
granularity.  Beyond that, on the port level, you have to
do locally at the host.  But that's the right way to do it
anyway, IMHO.  The current worms and other internet fauna
are a problem that SHOULD NOT be handled at the network level
but by the operating system.

Do you expect to run HIP in your Win98 box?

--Pekka N.

References:
- RE: CELP (was RE:)
  - From: "Ayyasamy, Senthilkumar \(UMKC-Student\)" <saq66@umkc.edu>

Prev by Date: Re: New multi6 draft: WIMP
Next by Date: RE: draft-huitema-multi6-hosts-03
Previous by thread: RE: CELP (was RE:)
Next by thread: port blocking (was Re: CELP (was RE:) )
Index(es):
- Date
- Thread