Security Basics mailing list archives
Re: inter-site WAN security question
From: Joseph Brown <joseph.brown1 () fuse net>
Date: Fri, 06 Jul 2007 08:17:30 -0400
That is incorrect. The header is not encrypted. A person sniffing would be able to see source and destination addresses. The only way to prevent this would be to using something like the onion router (http://tor.eff.org/). When using this, the packets will be sent to 13 different routers before being sent to the destination. You can read more about it at http://tor.eff.org/.
Joe Brown nobledark () hushmail com wrote:
Hi Andrew, thanks for the quick reply..So if I understand you correctly, if someone were sniffing on a router between the two sites and the VPN was in tunnel mode then they would not be able to see the source and destination IP's - is that correct?Sorry, a bit ignorant about the inner workings of IPSEC VPNs...what about during the initial tunnel establishment - how does the vpn server at s1 know the path to the vpn server at s2?Thanks again...On Wed, 04 Jul 2007 15:33:06 -0400 Andrew Harris <andrew.f.harris () gmail com> wrote:The question you want answered is based on the implementation of the VPN.If the VPN is using IPSec's Tunnel mode, headers & the payload areencrypted/encapsulated. If just using Transport mode, only the payload is encapsulated so the IP appear in plaintext. So to answer your question, if using Transport mode, then the hacker would be able to see the that S1 and S2 are in communication. In Tunnel mode, the hacker would have a very hard time and then the weakness of the security lies in the IPSec encryptionitself (how long it takes to crack that...). Hope this helps On 7/4/07, nobledark () hushmail com <nobledark () hushmail com> wrote:Hi,1st post - I had a hypothetical question poised to me that Icouldnot answer so I thought that I would ask the list. Here's the scenario: - Two sites, s1 and s2 - s1 and s2 have the need for a bi-directional WAN link- The WAN link would be secured via a VPN and all traffic wouldbetunneled through the VPN - Both sites are connected via broadband links; s1 is on a cable modem and s2 utilizes a factional T-1. - There are 5 hops between s1 and s2. Given this scenario, the question was, how anonymous can the connection be between these sites? Put a different way, assumingthat s1 and s2 are secure and not under hacker control, how muchofa threat is there of a 3rd party monitoring the traffic streamoverthe route between the sites and discovering that they aretalkingto each other? Thanks.... -- Discount Online Trading - Click Now!http://tagline.hushmail.com/fc/Ioyw6h4dPYvV4GSzCfyZF7HOo0xdrbO1a8xm8LNUn1sHPajMGphSbS/-- Click to find great rates on home insurance, save big, shop here http://tagline.hushmail.com/fc/Ioyw6h4d8gY2AcUnkAkpjrFJzGJZwrNPq48uSJV6u8BD7b5nGmwGoE/
Current thread:
- inter-site WAN security question nobledark (Jul 04)
- Re: inter-site WAN security question Ansgar -59cobalt- Wiechers (Jul 04)
- <Possible follow-ups>
- Re: inter-site WAN security question nobledark (Jul 05)
- RE: inter-site WAN security question David Gillett (Jul 05)
- RE: inter-site WAN security question Dan Denton (Jul 05)
- Re: inter-site WAN security question Dathan Bennett (Jul 05)
- Re: inter-site WAN security question Ansgar -59cobalt- Wiechers (Jul 06)
- Re: inter-site WAN security question Joseph Brown (Jul 06)
- Re: inter-site WAN security question Ansgar -59cobalt- Wiechers (Jul 06)