Security Basics mailing list archives

Re: inter-site WAN security question


From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Fri, 6 Jul 2007 21:03:07 +0200

On 2007-07-06 Joseph Brown wrote:
> That is incorrect.  The header is not encrypted.

Depends. In tunnel mode the tunnel endpoint always encapsulates the
original packet (including the header) and adds an IP header with its
own address as the source. When using an encrypted tunnel (i.e. ESP) the
encapsulated original IP packet including the original header IS
encrypted.

> A person sniffing would be able to see source and destination
> addresses.

Of the endpoints.

> The only way to prevent this would be to use something like the
> onion router (http://tor.eff.org/).

Yes.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
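
The tunnel-mode ESP layout discussed in this message, as an added example that is not part of the original post: it builds an inner packet, wraps it the way a tunnel endpoint would, and shows what an on-path observer can still parse. All addresses, the SPI, the keys and the SHA-256 keystream standing in for a real ESP cipher are constructed assumptions.

```python
import hashlib, hmac, socket, struct

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def keystream_xor(key, iv, data):
    """Stand-in cipher (SHA-256 in counter mode), NOT a real ESP transform."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + iv + struct.pack("!I", i // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def esp_tunnel_encapsulate(inner, gw_src, gw_dst, spi, seq, enc_key, auth_key):
    """Outer IP | SPI | seq | IV | enc(inner | pad | pad_len | next_hdr) | ICV."""
    pad_len = (-(len(inner) + 2)) % 4            # align the trailer to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, 4])  # 4 = IPv4-in-IP
    iv = hashlib.sha256(struct.pack("!II", spi, seq)).digest()[:8]  # constructed IV
    esp = struct.pack("!II", spi, seq) + iv
    esp += keystream_xor(enc_key, iv, inner + trailer)  # original header is inside
    esp += hmac.new(auth_key, esp, hashlib.sha256).digest()[:16]   # truncated ICV
    return ipv4_header(gw_src, gw_dst, 50, len(esp)) + esp          # 50 = ESP

def sniffer_view(packet):
    """Fields an observer without the keys can read from the wire."""
    spi, seq = struct.unpack("!II", packet[20:28])
    return {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "proto": packet[9], "spi": spi, "seq": seq}

# Constructed sample: host 10.1.0.5 at site A talks to 10.2.0.9 at site B
# through gateways 192.0.2.1 and 198.51.100.1 (TCP header omitted for brevity).
payload = b"GET /payroll HTTP/1.0\r\n\r\n"
inner = ipv4_header("10.1.0.5", "10.2.0.9", 6, len(payload)) + payload
wire = esp_tunnel_encapsulate(inner, "192.0.2.1", "198.51.100.1",
                              0x1001, 1, b"enc-key-demo", b"auth-key-demo")

if __name__ == "__main__":
    print("observer sees:", sniffer_view(wire))
    print("inner source address on the wire:",
          socket.inet_aton("10.1.0.5") in wire)
```

The observer recovers only the gateway addresses, the ESP protocol number, the SPI and the sequence number; packet sizes and timing between the two endpoints remain visible as well.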

