Security Basics mailing list archives
RE: Comcast and IPSec traffic
From: "J. Oquendo" <segment () antioffline com>
Date: Tue, 16 Sep 2003 17:07:18 -0400
As per the CCIE Routing TCP/IP vol2 book page 346 Encryption paragraph:

for NAT to function, neither the IP addresses nor any information derived from them (such as the TCP header checksum) can be encrypted. Another concern is VPNs using, for example, IPSec. With certain modes of IPSec, if an IP address is changed in an IPSec packet, the IPSec becomes meaningless and the VPN is broken. When ANY sort of encryption is used, you must place the NAT on the secure side rather than the encrypted path...

***********************************************************************

One of the things you should think about is whether or not Comcast is setting you up under NAT when you didn't want to be running under NAT. Sounds confusing even as I type this, but say you've signed up for say like a static IP connection... And they're NAT'ed this saves Comcast nothing because they're not in charge of your own network, however you set it up. Maybe they're just filtering something without your consent who knows...

-----------------------------------------------------------------------
Hi all,

This goes back to a fairly old thread (8/13, not that old). Mark, you sent an email asking if anyone had noticed Comcast blocking IPSec traffic. Well, guess what Comcast has started advertising. Comcast is now offering "High-Speed Internet Pro" service. It offers an "even faster connection." And among other things, they list "VPN Compatible" on their benefits. I guess that answers your question about whether they are blocking IPSec traffic.

-Greg
-----------------------------------------------------------------------

--
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
exec `echo ajbqghuf|rot13|sed '/\n/!G;s/\(.\)\(.*\n\)/&\2\1/;//D;s/.//'`
Jesus Oquendo
sil @ disgraced . org
sil @ antioffline . com
PGP Fingerprint 39A7 24C6 A9A0 6C67 96CA 0302 F1D3 2420 851E E3D0
http://www.antioffline.com
http://www.politrix.org

"You're free. And freedom is beautiful.
And, you know, it'll take time to restore chaos and order, order out of chaos. But we will."
George W. Bush Washington, D.C., April 13, 2003
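The NAT interaction described in the quoted book paragraph, as an added example that is not part of the original post or the book: a simplified model in which a NAT rewrites only the outer source address, showing that an AH-style integrity check fails while an ESP-style check passes but the protected TCP checksum no longer matches. The key, addresses, ports and function names are constructed, the integrity checks are reduced to an HMAC over the relevant bytes, and encryption itself is left out.

```python
import hashlib, hmac, ipaddress, struct

KEY = b"constructed-sa-key"  # constructed shared key for the sketch

def ip(addr):
    return ipaddress.IPv4Address(addr).packed

def csum(data):
    """RFC 1071 Internet checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_csum(src, dst, seg):
    # The TCP pseudo-header carries both IP addresses, so the checksum
    # is "information derived from them".
    return csum(ip(src) + ip(dst) + struct.pack("!BBH", 0, 6, len(seg)) + seg)

def ah_icv(src, dst, seg):
    # Simplified AH: the ICV covers the IP addresses as well as the payload.
    return hmac.new(KEY, ip(src) + ip(dst) + seg, hashlib.sha1).digest()[:12]

def esp_icv(seg):
    # Simplified ESP: the ICV covers the ESP payload only, not the outer IP header.
    # Encryption is left out; the NAT is assumed unable to read or edit seg.
    return hmac.new(KEY, seg, hashlib.sha1).digest()[:12]

def send(src, dst):
    seg = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    seg = seg[:16] + struct.pack("!H", tcp_csum(src, dst, seg)) + seg[18:]
    return {"src": src, "dst": dst, "seg": seg,
            "ah": ah_icv(src, dst, seg), "esp": esp_icv(seg)}

def nat(pkt, public):
    # Rewrites only the outer source address; the protected bytes stay as sent.
    return {**pkt, "src": public}

def receive(pkt):
    src, dst, seg = pkt["src"], pkt["dst"], pkt["seg"]
    return {"ah_ok": hmac.compare_digest(pkt["ah"], ah_icv(src, dst, seg)),
            "esp_icv_ok": hmac.compare_digest(pkt["esp"], esp_icv(seg)),
            "tcp_checksum_ok": tcp_csum(src, dst, seg) == 0}

if __name__ == "__main__":
    pkt = send("192.168.1.10", "198.51.100.20")        # constructed addresses
    print("no NAT:", receive(pkt))
    print("NAT   :", receive(nat(pkt, "203.0.113.7")))
```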
Current thread:
- Comcast and IPSec traffic Greg Holl (Sep 15)
- RE: Comcast and IPSec traffic Dana Smith (Sep 15)
- <Possible follow-ups>
- RE: Comcast and IPSec traffic Clark, Steve (Sep 15)
- RE: Comcast and IPSec traffic J. Oquendo (Sep 16)
- RE: Comcast and IPSec traffic Gaydosh, Adam (Sep 26)