Re: IPv6, IPSEC and deep packet inspection

• Previous message: J. Oquendo: "Re: Active and available abuse desks"
• Maybe in reply to: Joe Abley: "Re: IPv6, IPSEC and deep packet inspection"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Fri, Dec 31, 2004 at 05:32:24PM +0000, Sam Stickland wrote:

> Since IPSEC is an integral part of IPv6 won't this have an affect on the
> deep packet inspection firewalls? Is this type of inspection expected to
> work in IPv6?

Well it will work as good as the Virus-Scanning on Firewalls,
when you use a SSL website.

> Perhaps using some kind of NAP the firewall is allowed to speak on behalf
> of the host(s) it firewalls, so that to the client it appears to be the
> firewall itself appears to be the IPSEC endpoint?

If the IPSEC implementation allows that it
is seriously broken. You are proposing the firewall to run a man
in the middle attack.

Nils

• Previous message: J. Oquendo: "Re: Active and available abuse desks"
• Maybe in reply to: Joe Abley: "Re: IPv6, IPSEC and deep packet inspection"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]