alias-2----Page:11
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
|
Example 3: Network-based Packet Filtering Problem: Spoofed IPsec packets to VPN client can consume valuable transport resources, especially in bandwidth-limited wireless links Solution: Network-based packet filtering Issue: Client mobility requires dynamic configuration, invocation and revocation of network-based filters VPN Client Enterprise VPN Gateway Wireless Access Network Internet Attacker sends address-spoofed, IPSec encrypted packets to mobile user Packet Filter Attacker End-to-End IPSec Tunnel |