Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Basics: RE: inter-site WAN security question

RE: inter-site WAN security question

From: Dan Denton <ddenton_at_remitpro.com>
Date: Thu, 5 Jul 2007 14:29:31 -0500

In the case of cisco pix VPN's, the firewalls are supplied the ip address of the peer device, an encryption key (password), algorithms and hashes, and a few other bits of info. If those things are the same on both ends, the tunnel is established. Of course there's more to it than this, but no other pathing info is needed. As long as the internet connectivity is there, and the routing is working, the rest is in the details and setup.

As far as the ability to sniff, all the traffic should be encrypted, not just some, so anyone performing a MIM shouldn't be able to pick out pertinent info from the stream without breaking the encryption.

-----Original Message-----
From: listbounce_at_securityfocus.com [mailto:listbounce_at_securityfocus.com] On Behalf Of nobledark_at_hushmail.com
Sent: Wednesday, July 04, 2007 6:15 PM
To: Security Basics Forum
Subject: Re: inter-site WAN security question

Hi Andrew, thanks for the quick reply..

So if I understand you correctly, if someone were sniffing on a
router between the two sites and the VPN was in tunnel mode then
they would not be able to see the source and destination IP's - is
that correct?

Sorry, a bit ignorant about the inner workings of IPSEC VPNs...what
about during the initial tunnel establishment - how does the vpn
server at s1 know the path to the vpn server at s2?

Thanks again...

On Wed, 04 Jul 2007 15:33:06 -0400 Andrew Harris
<andrew.f.harris_at_gmail.com> wrote:
>The question you want answered is based on the implementation of
>the VPN.
>If the VPN is using IPSec's Tunnel mode, headers & the payload are
>encrypted/encapsulated. If just using Transport mode, only the
>payload is
>encapsulated so the IP appear in plaintext. So to answer your
>question, if
>using Transport mode, then the hacker would be able to see the
>that S1 and
>S2 are in communication. In Tunnel mode, the hacker would have a
>very hard
>time and then the weakness of the security lies in the IPSec
>encryption
>itself (how long it takes to crack that...).
>
>Hope this helps
>
>On 7/4/07, nobledark_at_hushmail.com <nobledark_at_hushmail.com> wrote:
>>
>> Hi,
>>
>> 1st post - I had a hypothetical question poised to me that I
>could
>> not answer so I thought that I would ask the list. Here's the
>> scenario:
>>
>> - Two sites, s1 and s2
>> - s1 and s2 have the need for a bi-directional WAN link
>> - The WAN link would be secured via a VPN and all traffic would
>be
>> tunneled through the VPN
>> - Both sites are connected via broadband links; s1 is on a cable
>> modem and s2 utilizes a factional T-1.
>> - There are 5 hops between s1 and s2.
>>
>> Given this scenario, the question was, how anonymous can the
>> connection be between these sites? Put a different way, assuming
>> that s1 and s2 are secure and not under hacker control, how much

>of
>> a threat is there of a 3rd party monitoring the traffic stream
>over
>> the route between the sites and discovering that they are
>talking
>> to each other?
>>
>> Thanks....
>>
>> --
>> Discount Online Trading - Click Now!
>>
>>
>http://tagline.hushmail.com/fc/Ioyw6h4dPYvV4GSzCfyZF7HOo0xdrbO1a8xm

>8LNUn1sHPajMGphSbS/
>>
>>
>>
>>
>> 

--
Click to find great rates on home insurance, save big, shop here
http://tagline.hushmail.com/fc/Ioyw6h4d8gY2AcUnkAkpjrFJzGJZwrNPq48uSJV6u8BD7b5nGmwGoE/
Received on Jul 05 2007
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos