Date: Tue, 07 Sep 1999 10:56:29 +0400 (MSD) From: "Sergey S. Kosyakov" <ks@itp.ac.ru> To: dmp@aracnet.com, freebsd-security@freebsd.org Cc: ks@itp.ac.ru Subject: Re: Layer 2 ethernet encryption? Message-ID: <XFMail.990907105629.ks@osi.ru> In-Reply-To: <37D4ABCB.E683ABC@aracnet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 07-Sep-99 dmp@aracnet.com wrote: > "Sergey S. Kosyakov" wrote: >> On 07-Sep-99 dmp@aracnet.com wrote: >> > Is it possible to encrypt ethernet packets so that all layers above >> > layer 2 would be encrypted? The idea I had was to make a device that >> > could defeat a TCP sniffer by encrypting the IP headers. Is this >> > doable? Viable? A reinvention of the wheel? >> > >> >> You can establish secure tunnel with TUND - over tun(4) pseudo-devices if >> you >> use routing, or over divert(4) sockets with ipfw(8) rules for LAN. > > Both of which require that unencrypted IP headers be used. This > allows the use of a TCP sniffer to monitor from where and to whom > traffic is going. By the standards of my group, that's a security > problem. Could you please describe you problem more detailed - I mean what do you want to do? You want hide from where and to whom traffic is going on Ethernet LAN, isn't it? Then use ethernet switching hub. --- ---------------------------------- E-Mail: Sergey S. Kosyakov <ks@osi.ru> Date: 07-Sep-99 Time: 10:51:10 ---------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.990907105629.ks>