> But much of the appeal for firewalls (and some people extend this to limited
> scope addressing, but I'm not sure if the extension is really necessary)
> lies in their ability to limit DoS attacks. DoS attacks are essentially
> attacks on a network and I have some trouble seeing how end to end security
> between two devices can limit a DoS attack. Maybe I am missing something,
> however.
Yep - end2end security isn't sufficient if you have a wide range of
network bandwidth (and to some extent also CPU capacity to deal
with network packets) across the network.
Some approaches to deal with DoS are thus needed.
I don't know if anybody is working on host-assisted approaches.
I can imagine interesting approaches like hosts on slow links sending
"priority lists" upstream (to specify the relative priority of packets -
based on a class description - that are destined towards the host) as one
way of being able to cope with DoS flooding attacks.
Erik
_______________________________________________
Saad mailing list
Saad@ietf.org
https://www1.ietf.org/mailman/listinfo/saad