key change for TCP-MD5

• Previous message (by thread): key change for TCP-MD5
• Next message (by thread): key change for TCP-MD5
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Jun 23, 2006, at 2:02 PM, Bora Akyol wrote:

> If your IPSEC is being done in hardware and you have appropriate QoS
> mechanisms in your network, you will probably not be able to pass  
> your best effort
> traffic but the rest should be OK.

Unless the DoS is within the IPSEC tunnel and crowds out the good  
traffic.

;>

Your original post seemed to imply that IPSEC is an anti-DoS  
mechanism, as does the statement 'If you pay attention to detail, it  
does help.'  IPSEC is not an anti-DoS mechanism at all, it's  
important to be clear about that.

----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice

      Everything has been said.  But nobody listens.

                    -- Roger Shattuck

• Previous message (by thread): key change for TCP-MD5
• Next message (by thread): key change for TCP-MD5
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]