Stupid Question, I don't understand how IPSec is secure. Can't you just kill the IPSec connection, or is IPSec connectionless? As I understand it you have [TCP HEADER | TCP DATA ] in a TCP Packet. With Ipsec you have [ TCP Header | encrypted([TCP HEADER | TCP DATA]) ] that you could still kill.
Steve -----Original Message----- From: Florian Weimer [mailto:[EMAIL PROTECTED] Sent: April 20, 2004 2:46 PM To: [EMAIL PROTECTED] Subject: Re: Major TCP Vulnerability Phillip Hofmeister <[EMAIL PROTECTED]> writes: > This article isn't anything I am going to loose sleep over. Any > mission critical long term TCP connections over an untrusted network > (The > Internet) should already be using IPSec. Core routers usually don't have the CPU power to run IPsec (yes, it sounds ridiculous, but it's mostly that way). However, I agree that this won't have much impact on the network as a whole. The emergency reconfiguration that took place during the past weeks (and which is being touted by the media as a prudent countermeasure) caused more large-scale destabilization than future attacks. 8-( -- Current mail filters: many dial-up/DSL/cable modem hosts, and the following domains: atlas.cz, bigpond.com, postino.it, tiscali.co.uk, tiscali.cz, tiscali.it, voila.fr. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
