Security Incidents mailing list archives

RE: UDP port 500 traffic from two clients

From: "Fernando Cardoso" <fernando.cardoso () whatevernet com>
Date: Tue, 29 Jan 2002 09:48:56 -0000

[...]


For example when doing remote administration of servers on some remote
network you should always use SSH, even if you also have a VPN to
connect your local workstation (and/or local network) to the remote
network.  You should not trust everyone and everything on the remote
network between its gateway and the remote server(s) you're
administering.  If you don't always use SSH any passwords you type to
them may be seen by a sniffer on the remote network.  The same risks
apply to using any remote application where you don't want sensitive
data to be seen or interfered with as it traverses the remote network.


Just a small note on this: you can use IPSec for remote administration of
servers with the same degree of confidence you'd use SSH. I do understand
and agree with Greg's concerns about trusting everything on the remote
network, but you're thinking of IPSec only in terms of tunelling, where you
have a couple of gateways (peers) doing encryption and decryption on behalf
of other hosts. If you use IPSec in transport mode, you'll have end-to-end
encryption between two hosts, which is equivalent to what you'd achieve with
SSH.

Cheers

Fernando

--
Fernando Cardoso - Security Consultant       WhatEverNet Computing, S.A.
Phone : +351 21 7994200                      Praca de Alvalade, 6 - Piso 6
Fax   : +351 21 7994242                      1700-036 Lisboa - Portugal
email : fernando.cardoso () whatevernet com     http://www.whatevernet.com/



_____________________________________________________________________
                      INTERNET MAIL FOOTER 
A presente mensagem pode conter informação considerada confidencial.
Se o receptor desta mensagem não for o destinatário indicado, fica
expressamente proibido de copiar ou endereçar a mensagem a terceiros.
Em tal situação, o receptor deverá destruir a presente mensagem e por
gentileza informar o emissor de tal facto.
---------------------------------------------------------------------
Privileged or confidential information may be contained in this
message. If you are not the addressee indicated in this message, you
may not copy or deliver this message to anyone. In such case, you
should destroy this message and kindly notify the sender by reply
email.
---------------------------------------------------------------------


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

UDP port 500 traffic from two clients Chris Wilkes (Jan 28)
- Re: UDP port 500 traffic from two clients Glen Mehn (Jan 28)
- Re: UDP port 500 traffic from two clients Gary Flynn (Jan 28)
  - Re: UDP port 500 traffic from two clients Hugo van der Kooij (Jan 28)
- <Possible follow-ups>
- RE: UDP port 500 traffic from two clients McCammon, Keith (Jan 28)
- RE: UDP port 500 traffic from two clients Toni Heinonen (Jan 28)
  - RE: UDP port 500 traffic from two clients Greg A. Woods (Jan 28)
    - RE: UDP port 500 traffic from two clients Fernando Cardoso (Jan 29)
    - RE: UDP port 500 traffic from two clients Greg A. Woods (Jan 29)