Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
795
Views
0
Helpful
2
Replies

VPN between server and router

wtsadmin
Level 1
Level 1

‎03-14-2006 07:29 AM

I have had a request to setup an ipsec tunnel between a server and a router to prevent data compromise via sniffing. Is there any validity to this request? In a switching environment how could someone sniff unless they have access to the switch to setup a monitor session? This is for LAN traffic.

The only way they could sniff is if they had access to the wire correct?

Labels:
0 Helpful
2 Replies 2

m.sir
Level 7
Level 7

‎03-15-2006 12:08 AM

We are using the same for loggin to our syslog server (IP sec betweem Server and router - interesting traffic for IPSEC are syslog massages). I tried to sniff this traffic on switches and also directly on server - you can see only ESP header and rest of packet is crypted - so this sniff is for hacker irrelevant. if you use for IPSEC stroger alghorithm 3DES or AES for encryption is there no way how to decrypt packet . So final answer: If you implemt this technoglogy correctly its safe agains packet snnifer - it also recommnedation form Cisco - IPSEC is one of the packet sniffer mitigation

HTH

M.

Rate helpful posts

0 Helpful

jackko
Level 7
Level 7

‎03-15-2006 04:19 AM

a technique named arp poisoning may be applied in conjunction with a sniffer software.

as the name suggested, the software will try to poison the arp in order to "force" the switch to forward the packet to it for packet capturing.

as mentioned from the previous post, ipsec vpn is one of the best techniques to safeguard sniffing.

0 Helpful
Customers Also Viewed These Support Documents