[VPN] Application timeouts over VPN...HELP!
Alex Pankratov
alex at cipherica.com
Wed Apr 9 16:13:40 EDT 2003
Ryan Malayter wrote:
> From: Alex Pankratov [mailto:alex at cipherica.com]
>
>>can you explain why *exactly* it's
>>a "bad security" ? Especially given
>>that the TCP connection in question
>>is IPsec'ed in first place.
>
> If the tunnel is left open, and the engineer's workstation is online and
> idle, the workstation becomes a vector for compromising the security of
> the encrypted traffic.
That's not what I asked about. The question was how keeping *TCP
sessions* open reduces overall VPN security. Let me rephrase it -
which attacks mountable against VPNs would have a lesser chances of
succeeding if all TCP connections are short-lived ?
> [bunch of unrelated to TCP question stuff snipped]
More information about the VPN
mailing list