> -----Original Message----- > From: Barry Greene (bgreene) [mailto:[EMAIL PROTECTED] > Sent: Friday, June 23, 2006 11:50 AM > To: Bora Akyol; Ross Callon; nanog@merit.edu > Subject: RE: key change for TCP-MD5 > > > > > If DOS is such a large concern, IPSEC to an extent can be used to > > mitigate against it. And IKEv1/v2 with IPSEC is not the horribly > > inefficient mechanism it is made out to be. In practice, it > is quite > > easy to use. > > IPSEC does nothing to protect a network device from a DOS > attack. You know that. >
Barry The validity of your statement depends tremendously on how IPSEC is implemented. Bora