On Tue, 20 Apr 2004 at 06:37:50PM -0400, Steve Ramage wrote: > Stupid Question, I don't understand how IPSec is secure. Can't you just > kill the IPSec connection, or is IPSec connectionless? As I understand > it you have [TCP HEADER | TCP DATA ] in a TCP Packet. With Ipsec you > have [ TCP Header | encrypted([TCP HEADER | TCP DATA]) ] that you could > still kill.
IPSec uses AH (Auth Headers) to authenticate packets using encryption/signing. These packets are the "outer" packets. The encapsulated packets would still be vulnerable, but all information about these packets are encrypted. Furthermore, the IPSec endpoints will typically not allow packets through from a peer network unless they come via the IPSec tunnel (at least properly configured setups won't...). One the connection is on the LAN side of either IPSec endpoint it is once again vulnerable to intruders on the LAN. IPSec will get you across the "untrusted" Internet though (unless someone pulls the plug at OSI layer 1 or 2...) Hope this answers your question. -- Phillip Hofmeister PGP/GPG Key: http://www.zionlth.org/~plhofmei/ wget -O - http://www.zionlth.org/~plhofmei/key.asc | gpg --import
