Date:      Mon, 6 Sep 1999 22:42:32 -0700 (PDT)
From:      "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
To:        gpalmer@FreeBSD.ORG (Gary Palmer)
Cc:        dmp@aracnet.com, freebsd-security@FreeBSD.ORG
Subject:   Re: Layer 2 ethernet encryption?
Message-ID:  <199909070542.WAA04637@gndrsh.dnsmgr.net>
In-Reply-To: <39480.936682378@noop.colo.erols.net> from Gary Palmer at "Sep 7, 1999 01:32:58 am"

> dmp@aracnet.com wrote in message ID
> <37D496A5.A0576E0F@aracnet.com>:
> > Is it possible to encrypt ethernet packets so that all layers above
> > layer 2 would be encrypted?  The idea I had was to make a device that
> > could defeat a TCP sniffer by encrypting the IP headers.  Is this
> > doable?  Viable?  A reinvention of the wheel?
> 
> How would you route the traffic?  No routers would be able to pass the
> traffic.

No, only routers knowing the key would be able to route traffic.

> 
> If you are doing this for a local LAN, I suggest you have bigger
> problems :)

Maybe the LAN is ``wireless'' :-).   But more seriously the Wavelan
and several other wireless cards do DES encryption at layer 1... so
it _can_ be done.  And more importantly is being done (first hand
knowledge on that one).  

See one ``bigger problem''?  Without DES on our wireless network any
old joe with a wavelan card could come along, sniff for a while, find
an open IP and jump right on into our network.  Though many other
safeguards would make his life a fair bit harder than this, until we implemented
DES at layer 1 we had a problem....

I could care less about them being able to see the data, but being able
to join the network was the real problem.  We are facing a similar
engineering/security problem on another project that involves wired
networks, but I can't get into that one.  

-- 
Rod Grimes - KD7CAX - (RWG25)                    rgrimes@gndrsh.dnsmgr.net

