O'Reilly logo

VPNs Illustrated: Tunnels, VPNs, and IPsec by Jon C. Snader

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

11. AH

11.1 Introduction

An unprotected IP datagram is subject to arbitrary manipulation by an attacker. The header is covered by the usual Internet checksum, but this provides protection only against corruption; an attacker can modify any of the header fields and be undetected by merely recalculating the checksum. The same principle applies to the data portion. Datagrams carrying TCP segments or UDP datagrams have their data protected by another Internet checksum, but again, the data is easily manipulated by an attacker, who needs only modify the data and recalculate the checksum.

Some situations require that hosts or networks be able to verify that IP datagrams are from whom they purport to be and that their payloads have not been tampered ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required