[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: NAT and IPsec
Ari Huttunen <Ari.Huttunen@F-Secure.com> writes:
> > Well, as a side note - it seems that Ethereal barfs equally nicely to IKE
> > version approach (which it _should_ handle but apparently doesn't). That
> > reminds me, I have to submit my Ethereal patches for this.. (-:
> >
> > Firewall rules are not _my_ concern - if why are you letting IKE through if
> > you do not desire IPsec?
> >
> > (Excluding some obscure use of AH to make "verifiable but snoopable" Big
> > Brother-friendly access somewhere.)
> I've been thinking that someone should make a patch to Ethereal that
> would enable it to look inside AH or ESP/NULL. That's somewhat hard, but
> doable with some innovative guesswork. (Right?)
At least 0.8.12 does that already (and I think it has done it for few
versions) with AH. I think I have equivalent patch for ESP/null in my
version but I haven't submitted much recently (because submissions that do
not get 'in' are silently ignored and I despise that type of behavior).
> Ari
-Markus
> --
> Ari Huttunen phone: +358 9 859 900
> Senior Software Engineer fax : +358 9 8599 0452
>
> F-Secure Corporation http://www.F-Secure.com
>
> F-Secure products: Integrated Solutions for Enterprise Security
--
Markus Stenberg <stenberg@ssh.com> of SSH Communications Security (www.ssh.com)
References: