RE: inter-site WAN security question

["David Gillett" <gillettdavid () fhda edu>]

  They would see the IP addresses of the VPN termination points.
They would not be able to see the addresses of individual clients 
whose traffic was being tunnelled.

  If you wish to conceal the fact that these two sites are exchanging
traffic, simply wrapping it in a tunnel won't achieve that.

David Gillett


> -----Original Message-----
> From: listbounce () securityfocus com 
> [mailto:listbounce () securityfocus com] On Behalf Of 
> nobledark () hushmail com
> Sent: Wednesday, July 04, 2007 4:15 PM
> To: Security Basics Forum
> Subject: Re: inter-site WAN security question
>
> Hi Andrew, thanks for the quick reply..
>
> So if I understand you correctly, if someone were sniffing on 
> a router between the two sites and the VPN was in tunnel mode 
> then they would not be able to see the source and destination 
> IP's - is that correct?
>
> Sorry, a bit ignorant about the inner workings of IPSEC 
> VPNs...what about during the initial tunnel establishment - 
> how does the vpn server at s1 know the path to the vpn server at s2?
>
>
> Thanks again...
>
> On Wed, 04 Jul 2007 15:33:06 -0400 Andrew Harris 
> <andrew.f.harris () gmail com> wrote:
> > The question you want answered is based on the implementation of the 
> > VPN.
> > If the VPN is using IPSec's Tunnel mode, headers & the payload are 
> > encrypted/encapsulated.  If just using Transport mode, only 
> the payload 
> > is encapsulated so the IP appear in plaintext.  So to answer your 
> > question, if using Transport mode, then the hacker would be 
> able to see 
> > the that S1 and
> > S2 are in communication.  In Tunnel mode, the hacker would 
> have a very 
> > hard time and then the weakness of the security lies in the IPSec 
> > encryption itself (how long it takes to crack that...).
> >
> > Hope this helps
> >
> > On 7/4/07, nobledark () hushmail com <nobledark () hushmail com> wrote:
> > > Hi,
> > >
> > > 1st post - I had a hypothetical question poised to me that I
> > could
> > > not answer so I thought that I would ask the list. Here's the
> > > scenario:
> > >
> > > - Two sites, s1 and s2
> > > - s1 and s2 have the need for a bi-directional WAN link
> > > - The WAN link would be secured via a VPN and all traffic would
> > be
> > > tunneled through the VPN
> > > - Both sites are connected via broadband links; s1 is on a cable 
> > > modem and s2 utilizes a factional T-1.
> > > - There are 5 hops between s1 and s2.
> > >
> > > Given this scenario, the question was, how anonymous can the 
> > > connection be between these sites? Put a different way, 
> assuming that 
> > > s1 and s2 are secure and not under hacker control, how much
>
> > of
> > > a threat is there of a 3rd party monitoring the traffic stream
> > over
> > > the route between the sites and discovering that they are
> > talking
> > > to each other?
> > >
> > > Thanks....
> > >
> > > --
> > > Discount Online Trading - Click Now!
> > http://tagline.hushmail.com/fc/Ioyw6h4dPYvV4GSzCfyZF7HOo0xdrbO1a8xm
>
> > 8LNUn1sHPajMGphSbS/
> > >
>
> --
> Click to find great rates on home insurance, save big, shop 
> here 
> http://tagline.hushmail.com/fc/Ioyw6h4d8gY2AcUnkAkpjrFJzGJZwrN
> Pq48uSJV6u8BD7b5nGmwGoE/