search for: ipsec'd

...scan huge netblocks of cable modem users, looking for the occasional target to haX0r. But that doesn't stop the people who do. And to Allen, yes, I know that it wouldn't stop all MitM attacks. That's why I said "nearly eliminate". Hell, I'd rather all traffic be fully IPSec'd (ESP + AH) all the time, but that's just not feasible. Frankly, I don't know if the data involved is worth the overhead of even an SSL connection, much less some full key-exchange method. In the end, I'm just tossing out some ideas. I'm not the one who's actually going...

> A fully-encrypted connection would nearly eliminate the possibility of a > man-in-the-middle attack either hijacking the session or surreptitiously > switching bits mid-stream and changing the traffic on the fly. A man-in-the-middle attack is not easy to pull off. If you can show me why some person would be incented to attack someone like this, then maybe there is a case for it. As