Re: inter-site WAN security question

[Joseph Brown <joseph.brown1 () fuse net>]

That is incorrect.  The header is not encrypted.  A person sniffing 
would be able to see source and destination addresses.  The only way to 
prevent this would be to using something like the onion router 
(http://tor.eff.org/).  When using this, the packets will be sent to 13 
different routers before being sent to the destination.  You can read 
more about it at http://tor.eff.org/.

Joe Brown


nobledark () hushmail com wrote:
> Hi Andrew, thanks for the quick reply..
>
> So if I understand you correctly, if someone were sniffing on a 
> router between the two sites and the VPN was in tunnel mode then 
> they would not be able to see the source and destination IP's - is 
> that correct?
>
> Sorry, a bit ignorant about the inner workings of IPSEC VPNs...what 
> about during the initial tunnel establishment - how does the vpn 
> server at s1 know the path to the vpn server at s2?
>
>
> Thanks again...
>
> On Wed, 04 Jul 2007 15:33:06 -0400 Andrew Harris 
> <andrew.f.harris () gmail com> wrote:
>   
> > The question you want answered is based on the implementation of 
> > the VPN.
> > If the VPN is using IPSec's Tunnel mode, headers & the payload are
> > encrypted/encapsulated.  If just using Transport mode, only the 
> > payload is
> > encapsulated so the IP appear in plaintext.  So to answer your 
> > question, if
> > using Transport mode, then the hacker would be able to see the 
> > that S1 and
> > S2 are in communication.  In Tunnel mode, the hacker would have a 
> > very hard
> > time and then the weakness of the security lies in the IPSec 
> > encryption
> > itself (how long it takes to crack that...).
> >
> > Hope this helps
> >
> > On 7/4/07, nobledark () hushmail com <nobledark () hushmail com> wrote:
> >     
> > > Hi,
> > >
> > > 1st post - I had a hypothetical question poised to me that I 
> > >       
> > could
> >     
> > > not answer so I thought that I would ask the list. Here's the
> > > scenario:
> > >
> > > - Two sites, s1 and s2
> > > - s1 and s2 have the need for a bi-directional WAN link
> > > - The WAN link would be secured via a VPN and all traffic would 
> > >       
> > be
> >     
> > > tunneled through the VPN
> > > - Both sites are connected via broadband links; s1 is on a cable
> > > modem and s2 utilizes a factional T-1.
> > > - There are 5 hops between s1 and s2.
> > >
> > > Given this scenario, the question was, how anonymous can the
> > > connection be between these sites? Put a different way, assuming
> > > that s1 and s2 are secure and not under hacker control, how much 
> > >       
>
>   
> > of
> >     
> > > a threat is there of a 3rd party monitoring the traffic stream 
> > >       
> > over
> >     
> > > the route between the sites and discovering that they are 
> > >       
> > talking
> >     
> > > to each other?
> > >
> > > Thanks....
> > >
> > > --
> > > Discount Online Trading - Click Now!
> > >
> > >
> > >       
> > http://tagline.hushmail.com/fc/Ioyw6h4dPYvV4GSzCfyZF7HOo0xdrbO1a8xm
> >     
>
>   
> > 8LNUn1sHPajMGphSbS/
> >     
> > >       
>
> --
> Click to find great rates on home insurance, save big, shop here
> http://tagline.hushmail.com/fc/Ioyw6h4d8gY2AcUnkAkpjrFJzGJZwrNPq48uSJV6u8BD7b5nGmwGoE/
>
>
>