From owner-freebsd-security  Mon Sep  6 23: 6:10 1999
Delivered-To: freebsd-security@freebsd.org
Received: from guppy.pond.net (guppy.pond.net [205.240.25.2])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2D3F9155DE; Mon,  6 Sep 1999 23:06:04 -0700 (PDT)
	(envelope-from dmp@aracnet.com)
Received: from aracnet.com (snapuser2-89.pacificcrest.net [216.36.34.89])
	by guppy.pond.net (8.9.3/8.9.3) with ESMTP id XAA22940;
	Mon, 6 Sep 1999 23:03:32 -0700 (PDT)
From: dmp@aracnet.com
Message-ID: <37D4AB40.AEE4C2EA@aracnet.com>
Date: Mon, 06 Sep 1999 23:05:52 -0700
X-Mailer: Mozilla 4.6 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Gary Palmer <gpalmer@freebsd.org>
Cc: freebsd-security@freebsd.org
Subject: Re: Layer 2 ethernet encryption?
References: <39480.936682378@noop.colo.erols.net>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Gary Palmer wrote:
> 
> dmp@aracnet.com wrote in message ID
> <37D496A5.A0576E0F@aracnet.com>:
> > Is it possible to encrypt ethernet packets so that all layers above
> > layer 2 would be encrypted?  The idea I had was to make a device that
> > could defeat a TCP sniffer by encrypting the IP headers.  Is this
> > doable?  Viable?  A reinvention of the wheel?
> 
> How would you route the traffic?  No routers would be able to pass the
> traffic.

The network in question doesn't use IP-based routing.

> If you are doing this for a local LAN, I suggest you have bigger
> problems :)

You're right, I do have bigger problems.  Like deep paranoia among
the users of the LAN.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message