key change for TCP-MD5
Roland Dobbins
rdobbins at cisco.com
Fri Jun 23 22:05:43 UTC 2006
On Jun 23, 2006, at 2:02 PM, Bora Akyol wrote:
> If your IPSEC is being done in hardware and you have appropriate QoS
> mechanisms in your network, you will probably not be able to pass
> your best effort
> traffic but the rest should be OK.
Unless the DoS is within the IPSEC tunnel and crowds out the good
traffic.
;>
Your original post seemed to imply that IPSEC is an anti-DoS
mechanism, as does the statement 'If you pay attention to detail, it
does help.' IPSEC is not an anti-DoS mechanism at all, it's
important to be clear about that.
----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice
Everything has been said. But nobody listens.
-- Roger Shattuck
More information about the NANOG
mailing list