-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2004-11-03, at 01.28, Erik Nordmark wrote:
> If a host wants to prevent packet injection attacks today (such as
> spoofed RCP RST packets, if it wants to prevent it from all nodes and
> not depend on ingress filtering, wouldn't it use IPsec?
That would have to be a must. I can't see anyone building a trust model
based on (the non-existing) ingress filtering. That said, I think most
protection against packet injection attacks on todays Internet is
actually left to ULPs.