nsis-11----Page:10
1 2 3 4 5 6 7 8 9 10 11 12
|
Security considerations Constraints: No per flow states within the domain, no reverse routing state Threats: Injecting signaling messages by off-path, on-path non-NSIS nodes Injecting messages by on-path NSIS nodes Remarking of packets to indicate severe congestion Possible security solutions: Protection of edge-to-edge messages to limit signaling protocol interaction with nodes within the domain Consistency checks: identify and check fields that cannot be changed, RII, PDR NONCE, consistency between intra-domain and inter-domain messages Intrusion detection to deal with malicious node (packet data marking) |