[76881] in North American Network Operators' Group
Re: IPv6, IPSEC and DoS
daemon@ATHENA.MIT.EDU (David Barak)
Mon Jan 3 11:12:16 2005
Date: Mon, 3 Jan 2005 08:11:48 -0800 (PST)
From: David Barak <thegameiam@yahoo.com>
To: nanog@nanog.org
In-Reply-To: <C794297E-5D9F-11D9-BA2A-000A95CD987A@muada.com>
Errors-To: owner-nanog-outgoing@merit.edu
--- Iljitsch van Beijnum <iljitsch@muada.com> wrote:
> If you can then enforce the port->MAC->IP mappings
> you're pretty much
> bullet proof. I know there are switches that can
> handle the port->MAC
> part. An alternative for the MAC->IP part would be
> the TCP MD5 option
> or IPsec.
>
>
I guess it's true that everything old is new again:
isn't this effectively circuit-switching? If you're
dedicating network elements to particular hosts in a
non-dynamic manner, doesn't that make your
infrastructure effectively a PBX, where moving
{device} from one room to the next requires a a
technician's assistance?
-David Barak
=====
David BarakNeed Geek Rock? Try The Franchise.
__________________________________
Do you Yahoo!?
Take Yahoo! Mail with you! Get it on your mobile phone.
http://mobile.yahoo.com/maildemo
