3.9.5.1 Receiving Message #1

On receipt of message #1, the host MUST validate the message, as specified in [RFC2408] section 5. If message #1 is correctly validated, the host MUST construct message #2 in response, as follows:

  • The message MUST consist of only an ISAKMP header and a Notify payload structure, as specified in [RFC2408] section 3.14.

  • The ISAKMP header MUST be constructed as specified in [RFC2409] section 5.7. The message ID field is unique to this exchange, as specified in [RFC2409] section 5.7.

  • The notify message type MUST be set to NOTIFY_DOS_COOKIE, and the notification data MUST contain an 8-byte cookie value. The cookie generation mechanism is implementation-dependent but SHOULD be stateless to provide good DoS protection.<27>

The host MUST then silently discard message #1, even if the message is correctly validated.
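
The following is an added example, not part of this specification or of any vendor implementation. It shows one way to meet the "SHOULD be stateless" recommendation: the 8-byte cookie is a truncated HMAC over values taken from message #1, so the host stores nothing per initiator and can discard message #1 as required. The class name `CookieJar`, the choice of HMAC-SHA256, the inputs (source address, source port, initiator cookie from the ISAKMP header) and the two-secret rotation scheme are all assumptions; `verify()` is the check a host would run when the cookie is presented again.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

COOKIE_LEN = 8  # the notification data carries an 8-byte cookie value


class CookieJar:
    """Hypothetical stateless cookie issuer: no per-initiator state is kept."""

    def __init__(self, secret=None):
        # The only state is host-wide: the current and the previous secret.
        self.current = secret or os.urandom(32)
        self.previous = None

    def rotate(self, new_secret=None):
        """Install a new secret; cookies from the old one survive one rotation."""
        self.previous, self.current = self.current, new_secret or os.urandom(32)

    @staticmethod
    def _mac(secret, src_ip, src_port, initiator_cookie):
        if len(initiator_cookie) != 8:
            raise ValueError("ISAKMP initiator cookie must be 8 bytes")
        # Fixed-width fields, so two different inputs never encode identically.
        ip = ipaddress.ip_address(src_ip)
        msg = struct.pack("!B16sH8s", ip.version, ip.packed.rjust(16, b"\0"),
                          src_port, initiator_cookie)
        return hmac.new(secret, msg, hashlib.sha256).digest()[:COOKIE_LEN]

    def issue(self, src_ip, src_port, initiator_cookie):
        """Value to place in the NOTIFY_DOS_COOKIE notification data."""
        return self._mac(self.current, src_ip, src_port, initiator_cookie)

    def verify(self, cookie, src_ip, src_port, initiator_cookie):
        """Recompute rather than look up; compare in constant time."""
        if len(cookie) != COOKIE_LEN or len(initiator_cookie) != 8:
            return False
        for secret in (self.current, self.previous):
            if secret is not None and hmac.compare_digest(
                    cookie, self._mac(secret, src_ip, src_port, initiator_cookie)):
                return True
        return False
```

Because the cookie is bound to the claimed source address and port, a sender that spoofs its address never sees message #2 and cannot present a cookie that verifies.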