That is incorrect. The header is not encrypted. A person sniffing
would be able to see source and destination addresses. The only way to
prevent this would be to use something like the onion router
(http://tor.eff.org/). When using this, the packets will be sent to 13
different routers before being sent to the destination. You can read
more about it at http://tor.eff.org/.
Joe Brown
nobledark_at_hushmail.com wrote:
> Hi Andrew, thanks for the quick reply..
>
> So if I understand you correctly, if someone were sniffing on a
> router between the two sites and the VPN was in tunnel mode then
> they would not be able to see the source and destination IP's - is
> that correct?
>
> Sorry, a bit ignorant about the inner workings of IPSEC VPNs...what
> about during the initial tunnel establishment - how does the vpn
> server at s1 know the path to the vpn server at s2?
>
>
> Thanks again...
>
> On Wed, 04 Jul 2007 15:33:06 -0400 Andrew Harris
> <andrew.f.harris_at_gmail.com> wrote:
>
>> The question you want answered is based on the implementation of
>> the VPN.
>> If the VPN is using IPSec's Tunnel mode, headers & the payload are
>> encrypted/encapsulated. If just using Transport mode, only the
>> payload is encapsulated so the IPs appear in plaintext. So to answer
>> your question, if using Transport mode, then the hacker would be
>> able to see that S1 and S2 are in communication. In Tunnel mode, the
>> hacker would have a very hard time and then the weakness of the
>> security lies in the IPSec encryption itself (how long it takes to
>> crack that...).
>>
>> Hope this helps
>>
>> On 7/4/07, nobledark_at_hushmail.com <nobledark_at_hushmail.com> wrote:
>>
>>> Hi,
>>>
>>> 1st post - I had a hypothetical question posed to me that I could
>>> not answer so I thought that I would ask the list. Here's the
>>> scenario:
>>>
>>> - Two sites, s1 and s2
>>> - s1 and s2 have the need for a bi-directional WAN link
>>> - The WAN link would be secured via a VPN and all traffic would be
>>> tunneled through the VPN
>>> - Both sites are connected via broadband links; s1 is on a cable
>>> modem and s2 utilizes a fractional T-1.
>>> - There are 5 hops between s1 and s2.
>>>
>>> Given this scenario, the question was, how anonymous can the
>>> connection be between these sites? Put a different way, assuming
>>> that s1 and s2 are secure and not under hacker control, how much of
>>> a threat is there of a 3rd party monitoring the traffic stream over
>>> the route between the sites and discovering that they are talking
>>> to each other?
>>>
>>> Thanks....
Received on Jul 06 2007
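
An added example, not part of the original thread: a Python sketch that builds one ESP tunnel-mode and one ESP transport-mode packet for the s1/s2 scenario and parses each the way an on-path sniffer would, showing which fields stay readable without the keys. The addresses, the SPI and the payload are constructed sample values, the XOR keystream only stands in for ESP encryption, and the ESP trailer and integrity check value are not modeled.

```python
import hashlib, socket, struct

ESP = 50  # IP protocol number for ESP

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src),
                       socket.inet_aton(dst)) + payload

def opaque(data, key=b"constructed-demo-key"):
    """Stand-in for ESP encryption, NOT real crypto: XOR with a SHA-256 keystream."""
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def esp(spi, seq, plaintext):
    return struct.pack("!II", spi, seq) + opaque(plaintext)  # SPI and seq stay in clear

def transport_mode(src, dst, l4_payload, spi=0x1001):
    # Original IP header is kept; only the upper-layer payload is protected.
    return ipv4(src, dst, ESP, esp(spi, 1, l4_payload))

def tunnel_mode(gw_src, gw_dst, inner_packet, spi=0x1001):
    # Whole inner packet is protected; a new outer header names the gateways.
    return ipv4(gw_src, gw_dst, ESP, esp(spi, 1, inner_packet))

def observer_view(packet):
    """Fields an on-path sniffer can read without the keys."""
    ihl = (packet[0] & 0x0F) * 4
    view = {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "proto": packet[9], "length": len(packet)}
    if packet[9] == ESP:
        view["spi"], view["seq"] = struct.unpack("!II", packet[ihl:ihl + 8])
    return view

# Constructed sample: one host behind each site, and the s1/s2 VPN gateways.
HOST_A, HOST_B = "10.1.0.5", "10.2.0.9"
S1_GW, S2_GW = "192.0.2.1", "198.51.100.1"
INNER = ipv4(HOST_A, HOST_B, 6, b"application data")
TUNNEL = tunnel_mode(S1_GW, S2_GW, INNER)
TRANSPORT = transport_mode(HOST_A, HOST_B, b"application data")

if __name__ == "__main__":
    print("tunnel   :", observer_view(TUNNEL))
    print("transport:", observer_view(TRANSPORT))
```

In both modes the sniffer reads an outer source and destination, protocol 50, the SPI, the sequence number and the packet length; in tunnel mode those outer addresses are the two gateways and the inner host addresses sit inside the protected payload.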