Date: Thu, 18 Jan 2007 03:06:25 -0500 (EST)
From: "Dan Mahoney, System Admin" <danm@prime.gushi.org>
To: Ted Mittelstaedt <tedm@toybox.placo.com>
Cc: questions@freebsd.org
Subject: Re: Transport Mode IPSEC
Message-ID: <20070118030358.S55095@prime.gushi.org>
In-Reply-To: <005701c73ad3$1e433560$3c01a8c0@coolf89ea26645>
References: <20070118022306.Q26349@prime.gushi.org> <005701c73ad3$1e433560$3c01a8c0@coolf89ea26645>

On Wed, 17 Jan 2007, Ted Mittelstaedt wrote:

> Dan,
>
> You do realize, don't you, that since both of these hosts are on a switch,
> and are using unicast traffic to communicate with each other, that they
> cannot be sniffed, don't you?

That implies trust of the switch, trust against arp-cache poisoning, and
the like. The idea of ipsec is not trusting the wire.

With NIS/NFS known for being this inherently secure, would it get me a
better answer if I said "with only a single router between them"?

-Dan

--
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------