[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: I-D ACTION:draft-nordmark-multi6dt-shim-00.txt
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2004-11-03, at 01.28, Erik Nordmark wrote:
> If a host wants to prevent packet injection attacks today (such as
> spoofed RCP RST packets, if it wants to prevent it from all nodes and
> not depend on ingress filtering, wouldn't it use IPsec?
That would have to be a must. I can't see anyone building a trust model
based on (the non-existing) ingress filtering. That said, I think most
protection against packet injection attacks on todays Internet is
actually left to ULPs.
- - kurtis -
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQA/AwUBQYiElKarNKXTPFCVEQJO4ACfQ6Swyp03I6EaKoaeQkmw1mvzkC0AoI/W
gCUKJxD5fCvv0QHhexPyBDmy
=hqua
-----END PGP SIGNATURE-----