Security Basics mailing list archives
Re: inter-site WAN security question
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Wed, 4 Jul 2007 20:46:21 +0200
On 2007-07-04 nobledark () hushmail com wrote:
1st post - I had a hypothetical question poised to me that I could not answer so I thought that I would ask the list. Here's the scenario: - Two sites, s1 and s2 - s1 and s2 have the need for a bi-directional WAN link - The WAN link would be secured via a VPN and all traffic would be tunneled through the VPN - Both sites are connected via broadband links; s1 is on a cable modem and s2 utilizes a factional T-1. - There are 5 hops between s1 and s2. Given this scenario, the question was, how anonymous can the connection be between these sites? Put a different way, assuming that s1 and s2 are secure and not under hacker control, how much of a threat is there of a 3rd party monitoring the traffic stream over the route between the sites and discovering that they are talking to each other?
Anyone who is able to sniff packets along the route will be able to discover *that* they are talking to each other. The risk of someone discovering *what* they are talking to each other depends on the strength of the cryptography the VPN uses. If you want to conceal the fact that there's communication between the two sites you need something like onion routing. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
Current thread:
- inter-site WAN security question nobledark (Jul 04)
- Re: inter-site WAN security question Ansgar -59cobalt- Wiechers (Jul 04)
- <Possible follow-ups>
- Re: inter-site WAN security question nobledark (Jul 05)
- RE: inter-site WAN security question David Gillett (Jul 05)
- RE: inter-site WAN security question Dan Denton (Jul 05)
- Re: inter-site WAN security question Dathan Bennett (Jul 05)
- Re: inter-site WAN security question Ansgar -59cobalt- Wiechers (Jul 06)
- Re: inter-site WAN security question Joseph Brown (Jul 06)
- Re: inter-site WAN security question Ansgar -59cobalt- Wiechers (Jul 06)