How do I verify that IPSec is actually functioning

Chris Carlson carlsonmail at YAHOO.COM
Tue Jul 25 09:00:35 EDT 2000


This brings up a very good point about encryption: how
do you know it's really being done?

Just because tcpdump shows that IPSec protocols are
being used, i.e. AH and ESP, that doesn't mean that
it's encrypted!

Most IPSec systems can use ESP-null, meaning no
encryption.  Also, most IPSec systems can compress the
data prior to encrypting it.  If you do a packet
trace, you may see unencrypted, but compressed, data
and assume that it's secure!

You know, I could probably set up a GRE tunnel using
ROT13 as an encryption algorithm and most people
sniffing the wire would think that it's encrypted!!

Question to all:  what's really required to make an
IPSec testing program?

Is it possible to use some type of testing tool to
encrypt a set of known values, like "The quick brown
fox jumped over the lazy dog" using a pair of manual
IPSec keys, and then pass the same string and IPSec
manual keys in your IPSec devices and packet sniff for
the encrypted data?  Shouldn't the encrypted strings
of the testing system match the IPSec devices?

Thoughts?

Chris
--

--- "DePriest, Jason R." <jrdepriest at FTB.COM> wrote:
> Use tcpdump or some other sniffer and check for
> Authentication Header (AH)
> or Encapsulating Security Payload (ESP) protocols.
> That works for me.
>
> Thank you!
>
> Jason R DePriest, Network and Systems Administrator
> First Tennessee National Corporation
> InterActive Services Department
> ph: 901/523-5777, fax: 901/523-5527
> email: jrdepriest at ftb.com
>
> Disclaimer:
> The views expressed in this message, while not
> necessarily the views of
> First Tennessee, are none-the-less confidential and
> not to be freely
> distributed to external sources without explicit
> permission from the sender
> of this message or from First Tennessee National
> Corporation.
>
> "I have never let my schooling interfere with my
> education."
> - Mark Twain
>
> -----Original Message-----
> From: Milton Caines
> [mailto:mcaines at TRUEWORLDGROUP.COM]
> Sent: Saturday, July 22, 2000 10:11 AM
> To: VPN at SECURITYFOCUS.COM
> Subject: How do I verify that Ipsec is actually
> functioning
>
>
> After I have established a connection between two
> OpenBSD on different
> networks using ipsec, how do I verify that ipsec is
> actually active between
> these two machines
>
>


VPN is sponsored by SecurityFocus.COM
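
A check for the cases raised in the message above, as an added example that is not part of the original thread: it takes a captured ESP packet (IP header already stripped), looks for the known test string, and then tries to parse the packet as ESP-NULL by finding a readable trailer. The function names, the candidate ICV lengths, the RFC 2406 default padding pattern and all three sample packets are assumptions constructed for this illustration.

```python
import struct
import zlib

# Trailer Next Header values that make sense inside a tunnel (IANA protocol numbers).
INNER_PROTOCOLS = {4: "IPv4", 6: "TCP", 17: "UDP", 41: "IPv6", 108: "IPComp"}
ICV_LENGTHS = (12, 16, 0)  # 12 = HMAC-MD5-96 / HMAC-SHA1-96; 0 = no authentication
MARKER = b"The quick brown fox jumped over the lazy dog"  # test string from the post

def parse_as_esp_null(esp: bytes):
    """Return (icv_len, next_header, inner) if the packet parses as unencrypted ESP, else None."""
    body = esp[8:]  # skip SPI (4 bytes) and sequence number (4 bytes)
    for icv_len in ICV_LENGTHS:
        end = len(body) - icv_len
        if end < 2:
            continue
        pad_len, next_header = body[end - 2], body[end - 1]
        pad_start = end - 2 - pad_len
        if next_header not in INNER_PROTOCOLS or pad_start < 0:
            continue
        # RFC 2406 default padding is the byte sequence 1, 2, 3, ...
        if body[pad_start:end - 2] == bytes(range(1, pad_len + 1)):
            return icv_len, next_header, body[:pad_start]
    return None

def classify(esp: bytes, marker: bytes = MARKER) -> str:
    """Classify one captured ESP packet (IP header already stripped)."""
    if marker in esp:
        return "cleartext-visible"
    if parse_as_esp_null(esp) is not None:
        return "esp-null"  # readable trailer: payload is not encrypted
    return "opaque"  # no cleartext found; this alone does not prove strong encryption

def build_esp_null(inner: bytes, next_header: int, icv: bytes) -> bytes:
    """Build a constructed ESP-NULL packet for testing (SPI and sequence are arbitrary)."""
    pad_len = -(len(inner) + 2) % 4
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    return struct.pack("!II", 0x1000, 1) + inner + trailer + icv

# Constructed samples, not captured traffic.
ICV = bytes(range(0xA0, 0xAC))  # 12 placeholder bytes standing in for an HMAC-96
NULL_PKT = build_esp_null(b"\x04\xd2\x16\x2e\x00\x34\x00\x00" + MARKER, 17, ICV)
deflater = zlib.compressobj(wbits=-15)  # raw DEFLATE
IPCOMP = b"\x04\x00\x00\x02" + deflater.compress(MARKER * 4) + deflater.flush()
COMPRESSED_PKT = build_esp_null(IPCOMP, 108, ICV)
OPAQUE_PKT = struct.pack("!II", 0x1000, 1) + bytes(0x80 + (i * 37) % 128 for i in range(64))

if __name__ == "__main__":
    for name, pkt in [("null", NULL_PKT), ("compressed", COMPRESSED_PKT), ("opaque", OPAQUE_PKT)]:
        print(name, classify(pkt))
```

The compressed sample hides the test string from a plain search but still classifies as `esp-null` because its trailer is readable. An `opaque` result only means no cleartext structure was recognised, so a trivial transform would land there too, which is why the known-answer comparison with manual keys proposed in the message is still needed.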