03-14-2006 07:29 AM
I have had a request to set up an IPsec tunnel between a server and a router to prevent data compromise via sniffing. Is there any validity to this request? In a switched environment, how could someone sniff unless they have access to the switch to set up a monitor session? This is for LAN traffic.
The only way they could sniff is if they had access to the wire, correct?
03-15-2006 12:08 AM
We are using the same for logging to our syslog server (IPsec between server and router; the interesting traffic for IPsec is the syslog messages). I tried to sniff this traffic on the switches and also directly on the server: you can see only the ESP header, and the rest of the packet is encrypted, so this sniff is irrelevant for a hacker. If you use a stronger algorithm for IPsec, 3DES or AES for encryption, there is no way to decrypt the packet. So the final answer: if you implement this technology correctly, it is safe against packet sniffers. It is also a recommendation from Cisco; IPsec is one of the packet sniffer mitigations.
HTH
M.
Rate helpful posts
03-15-2006 04:19 AM
A technique named ARP poisoning may be applied in conjunction with sniffer software.
As the name suggests, the software will try to poison the ARP cache in order to "force" the switch to forward the packets to it for packet capturing.
As mentioned in the previous post, an IPsec VPN is one of the best techniques to safeguard against sniffing.
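A defender-side check for the ARP-poisoning symptom described in the post above, added here as an example and not taken from the thread: it parses a constructed `arp -a` style cache snapshot and flags one MAC claiming several IPs, or the gateway's MAC drifting from a recorded baseline (addresses, MACs and the baseline are all constructed values).

```python
import re
from collections import defaultdict

# Constructed snapshot of a host's ARP cache in "arp -a" style.
# One MAC answers for both the gateway and 192.168.1.50, the classic
# symptom of a poisoned cache.
ARP_SNAPSHOT = """\
? (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.20) at aa:bb:cc:dd:ee:01 [ether] on eth0
? (192.168.1.50) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.60) at aa:bb:cc:dd:ee:02 [ether] on eth0
"""

# Known-good gateway MAC recorded when the LAN was set up (constructed value).
KNOWN_GATEWAY = {"192.168.1.1": "de:ad:be:ef:00:01"}

ENTRY_RE = re.compile(r"\((?P<ip>\d+\.\d+\.\d+\.\d+)\) at (?P<mac>[0-9a-f:]{17})", re.I)


def parse_arp(text):
    """Return {ip: mac} from arp -a style lines; MACs normalised to lowercase."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.search(line)
        if m:
            entries[m.group("ip")] = m.group("mac").lower()
    return entries


def find_anomalies(entries, known_good):
    """Return a list of (kind, key, details) findings; empty when the cache looks clean."""
    findings = []
    # 1. One MAC answering for several IPs: a host impersonating other addresses.
    by_mac = defaultdict(list)
    for ip, mac in entries.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("duplicate_mac", mac, sorted(ips)))
    # 2. Gateway MAC differing from the recorded baseline.
    for ip, expected in known_good.items():
        seen = entries.get(ip)
        if seen is not None and seen != expected.lower():
            findings.append(("gateway_mismatch", ip, [expected.lower(), seen]))
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(parse_arp(ARP_SNAPSHOT), KNOWN_GATEWAY):
        print(finding)
```

A clean cache returns no findings, so the same function can be run periodically on hosts that carry sensitive LAN traffic and alert on a non-empty result.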