Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Re: [VPN] Application timeouts over VPN...HELP!
.

  • To: James McNeill <[EMAIL PROTECTED]>
  • Subject: Re: [VPN] Application timeouts over VPN...HELP!
  • From: Alex Pankratov <[EMAIL PROTECTED]>
  • Date: Thu, 10 Apr 2003 09:29:51 -0700
  • Cc: [EMAIL PROTECTED]
  • In-reply-to: <[EMAIL PROTECTED]>
  • References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
  • Sender: [EMAIL PROTECTED]
.
 


James McNeill wrote:

The more traffic that is exposed with the same key, the easier it will be to
crypto-analise and discover bad random number generating patterns. For any
secuerly implemented encryption protocol, this should not be a problem. In
most cases you either crack the encryption or you don't. Doesn't matter how
much stuff you have to decrypt.

as for TCP sessions, since the keys and algorithms will all be the same
between sessions, it won't have any effect on security. anyone capable of
attacking your VPN tunnel won't care what you do with your TCP sessions. as
far as your attacker is concerend, a TCP session is just a number in the
header, but so long as it uses the same tunnel, he won't care. It's the
contents of the packet that is valuable.


Exactly my point - the length of TCP connection has no effect on the
security of the VPN it's being tunneled over.

I was responding to the following to the following statement ..

safieradam wrote:
> I would .... and point out to the developers that leaving sessions
> open for hours is bad security and not allowed.

.. which was given in the context of ..

Mike Hancock wrote:
> ..I keep saying that they need to speed up response times on their
> TCP communications and send "heartbeats". They call me "Non-Helpful"

.. which in term implied that 'sessions' in first quote are TCP
sessions. If these were not, then there is nothing to talk about,
the issue boils down to a proper use of SA lifetimes; case closed.



having abnormally long/short TCP sessions is bad practice, and likely to
cause more problems than it's worth.



You make it sound as it's a commonly accepted fact . Well, it's not.
There is nothing wrong with 'abnormally' Long/short TCP sessions.
Consider SSH, IMAP, PPTP and multitude of instant messaging protocols
as few examples.

/alex

_______________________________________________
VPN mailing list
[EMAIL PROTECTED]
http://lists.shmoo.com/mailman/listinfo/vpn
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.