RE: UDP port 500 traffic from two clients

From: Greg A. Woods (woodsat_private)
Date: Tue Jan 29 2002 - 09:47:43 PST

  • Next message: Mike Lewinski: "DDoS to microsoft sites"

    [ On Tuesday, January 29, 2002 at 09:48:56 (-0000), Fernando Cardoso wrote: ]
    > Subject: RE: UDP port 500 traffic from two clients
    >
    > Just a small note on this: you can use IPSec for remote administration of
    > servers with the same degree of confidence you'd use SSH. I do understand
    > and agree with Greg's concerns about trusting everything on the remote
    > network, but you're thinking of IPSec only in terms of tunelling, where you
    > have a couple of gateways (peers) doing encryption and decryption on behalf
    > of other hosts.
    
    I thought I had explained clearly enough in my post that most
    implementations of VPNs using IPSec for this purpose will be of the form
    where the remote user is connecting his host to a network via a gateway.
    
    > If you use IPSec in transport mode, you'll have end-to-end
    > encryption between two hosts, which is equivalent to what you'd achieve with
    > SSH.
    
    That implies that the remote administrator has prepared for the ability
    to run IPSec on every host that might be managed from a remote location.
    This is very often not true, and sometimes not even possible (such as
    with a console terminal server that might be used to reboot a remote
    server, etc.).
    
    I wanted to re-iterate this fact because I also wanted to mention that
    system managers should probably be using SSH (or maybe if they want and
    they can, IPSec in transport mode with every managed server)
    consistently even when they are working from a host directly attached to
    the private network, and for the very same reasons (which primarily are
    of course that with most security incidents originating as "inside
    jobs", your greatest threats are probably already legitimately on your
    private nework!).
    
    -- 
    								Greg A. Woods
    
    +1 416 218-0098;  <gwoodsat_private>;  <g.a.woodsat_private>;  <woodsat_private>
    Planix, Inc. <woodsat_private>; VE3TCP; Secrets of the Weird <woodsat_private>
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Tue Jan 29 2002 - 10:21:55 PST