From: "Sergey S. Kosyakov"
Reply-To: ks@itp.ac.ru
Organization: OSI AF, Moscow office
To: dmp@aracnet.com, freebsd-security@freebsd.org
Cc: ks@itp.ac.ru
Date: Tue, 07 Sep 1999 10:56:29 +0400 (MSD)
In-Reply-To: <37D4ABCB.E683ABC@aracnet.com>
Subject: Re: Layer 2 ethernet encryption?

On 07-Sep-99 dmp@aracnet.com wrote:
> "Sergey S. Kosyakov" wrote:
>> On 07-Sep-99 dmp@aracnet.com wrote:
>> > Is it possible to encrypt ethernet packets so that all layers above
>> > layer 2 would be encrypted? The idea I had was to make a device that
>> > could defeat a TCP sniffer by encrypting the IP headers. Is this
>> > doable? Viable? A reinvention of the wheel?
>> >
>>
>> You can establish a secure tunnel with TUND - over tun(4) pseudo-devices if
>> you use routing, or over divert(4) sockets with ipfw(8) rules for LAN.
>
> Both of which require that unencrypted IP headers be used. This
> allows the use of a TCP sniffer to monitor from where and to whom
> traffic is going. By the standards of my group, that's a security
> problem.

Could you please describe your problem in more detail - I mean, what do you want to do?
You want to hide from where and to whom traffic is going on the Ethernet LAN, is that right? Then use an Ethernet switching hub.

---
----------------------------------
E-Mail: Sergey S. Kosyakov
Date: 07-Sep-99
Time: 10:51:10
----------------------------------