IPv6, IPSEC and DoS

David Barak thegameiam at yahoo.com
Mon Jan 3 16:11:48 UTC 2005

--- Iljitsch van Beijnum <iljitsch at muada.com> wrote:

> If you can then enforce the port->MAC->IP mappings
> you're pretty much 
> bullet proof. I know there are switches that can
> handle the port->MAC 
> part. An alternative for the MAC->IP part would be
> the TCP MD5 option 
> or IPsec.

I guess it's true that everything old is new again:
isn't this effectively circuit-switching?  If you're
dedicating network elements to particular hosts in a
non-dynamic manner, doesn't that make your
infrastructure effectively a PBX, where moving
{device} from one room to the next requires a a
technician's assistance?

-David Barak

David BarakNeed Geek Rock?  Try The Franchise.

Do you Yahoo!? 
Take Yahoo! Mail with you! Get it on your mobile phone. 

More information about the NANOG mailing list