IPv6, IPSEC and deep packet inspection

• Previous message (by thread): Active and available abuse desks
• Next message (by thread): Hotel
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Dec 31, 2004 at 05:32:24PM +0000, Sam Stickland wrote:

> Since IPSEC is an integral part of IPv6 won't this have an affect on the 
> deep packet inspection firewalls? Is this type of inspection expected to 
> work in IPv6?

Well it will work as good as the Virus-Scanning on Firewalls,
when you use a SSL website. 

> Perhaps using some kind of NAP the firewall is allowed to speak on behalf 
> of the host(s) it firewalls, so that to the client it appears to be the 
> firewall itself appears to be the IPSEC endpoint?

If the IPSEC implementation allows that it
is seriously broken. You are proposing the firewall to run a man
in the middle attack. 


Nils

• Previous message (by thread): Active and available abuse desks
• Next message (by thread): Hotel
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]