[Swan-dev] IKEv1: Remove all IPsec SA's of a connection when newest SA is removedrefs/heads/master
D. Hugh Redelmeier
hugh at mimosa.com
Wed Aug 26 19:59:44 EEST 2015
| From: Antony Antony <antony at phenome.org>
| I am wondering woudn't this situation avoided by enabling "initial-contact"?
It is an article of faith that initial-contact is an invitation to DoS
and should be ignored. For this to be true, it must not be
authenticated, and I don't remember whether this is the case (and I
cannot check at the moment).
More information about the Swan-dev
mailing list