securing 6bone tunnels

itojun@iijlab.net itojun@iijlab.net
Sat, 10 Mar 2001 01:29:39 +0900

Previous message: securing 6bone tunnels
Next message: (no subject)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>>         to avoid attacks, I would like to encourage 6bone tunnel operators
>>         to establish IPv4 transport-mode AH (or IPv6-over-IPv4 tunnel
>>         mode AH) relationship with your peer.  how to do this is implementation
>>         dependent.  for KAME-based platforms, you'd need to get the latest
>>         KAME tree from ftp://ftp.kame.net/pub/kame/snap/ (*BSD releases
>>         do not have enough policy checking code).
>What is the oldest SNAP that has the required policy checking?

	you need a KAME SNAP kit after mar 1 2001 to enforce inbound
	policy checking.

itojun

Previous message: securing 6bone tunnels
Next message: (no subject)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]