Re: clear ports
Greg Minshall writes:
> I guess i'm not convinced that a priori it is necessary to require
> that ESP cover up the protocol/ports. I think that in many many
> cases, what people are trying to keep private is the payload of the
> transport data (eg, passwords, payroll data, etc.).

1) Lots of our users are going to be interested in preventing detailed
port and protocol information from being seen. Conservative
security design says "hide everything you don't absolutely need to
expose". I can think of excellent reasons that one doesn't want
protocol and port information on the wire in the general case --
that could give away very valuable traffic analysis information
which can be used to help break a security system, for example.

2) Our current design would be very hard to change in this regard. ESP
was designed to be fully opaque, and there is no way for an
observer to know what the transform used on an ESP packet is,
because the only indicator of all that stuff is a prenegotiated 32
bit number.

3) I personally don't want this information leaking if I'm the guy
sending the packets. Long term paranoia from the security
consulting world has leaked into my psyche. If I don't need to
expose information, and I don't know how it could be used to attack
me, I don't want it out. Just because I can't think of a use for
information offhand doesn't mean it won't be exploited -- indeed,
the history of this field shows that it most certainly *will* be
exploited at some point.
.pm
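
Point 2 of the message above, as an added example that is not part of the original post: what a passive observer can read from a cleartext TCP packet versus an ESP packet. The addresses, ports, SPI value and payload bytes are constructed samples, and everything after the 32-bit number (the SPI) is treated as opaque, as the message describes.

```python
import struct

PROTO_TCP, PROTO_UDP, PROTO_ESP = 6, 17, 50  # IANA IP protocol numbers


def ipv4(proto, payload, src="192.0.2.1", dst="192.0.2.2"):
    """Build a minimal IPv4 packet (constructed sample, checksum left zero)."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                         0, 0, 64, proto, 0, addr(src), addr(dst))
    return header + payload


def observer_view(packet):
    """Return the fields an on-path observer can read without any keys."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto, body = packet[9], packet[ihl:]
    view = {"ip_proto": proto, "length": len(packet)}
    if len(body) < 4:
        view["truncated"] = True          # not enough bytes to read anything
    elif proto in (PROTO_TCP, PROTO_UDP):
        # Cleartext transport header: ports identify the application.
        view["src_port"], view["dst_port"] = struct.unpack("!HH", body[:4])
    elif proto == PROTO_ESP:
        # Only the prenegotiated 32-bit number is readable; the transform,
        # inner protocol and ports are not indicated anywhere on the wire.
        (view["spi"],) = struct.unpack("!I", body[:4])
        view["opaque_bytes"] = len(body) - 4
    return view


# Constructed sample 1: a cleartext TCP segment to port 23.
TCP_SEGMENT = struct.pack("!HHIIBBHHH", 40000, 23, 0, 0, 0x50, 0x18,
                          1024, 0, 0) + b"login: alice"
CLEAR_PACKET = ipv4(PROTO_TCP, TCP_SEGMENT)

# Constructed sample 2: an ESP packet; bytes(range(32)) stands in for the
# protected data, and 0x1234 is a made-up SPI.
ESP_PACKET = ipv4(PROTO_ESP, struct.pack("!I", 0x1234) + bytes(range(32)))

if __name__ == "__main__":
    for name, pkt in (("clear", CLEAR_PACKET), ("esp", ESP_PACKET)):
        print(name, observer_view(pkt))
```

Packet length and the outer addresses remain visible in both cases, so the ESP view still leaves some traffic-analysis surface.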