From: "Joe Patterson" <jpatterson@asgardgroup.com>
To: lartc@vger.kernel.org
Subject: RE: [LARTC] Gre Tunneling Problem
Date: Fri, 11 Jan 2002 15:20:27 +0000
Message-ID: <marc-lartc-101076241000609@msgid-missing>
In-Reply-To: <marc-lartc-101039544916808@msgid-missing>

There is trivial security in GRE tunnels.  Or possibly none at all.  If you
make your GRE tunnel with the command "ip tunnel add $tun mode gre remote
$remaddr local $localaddr key $key"  (I believe that's the correct syntax),
then your tunnel has a key.  It's not an encryption key, it's an
authentication key, and it's sent in cleartext, but it's a key.  If you want
security, wrap your GRE in IPSec or similar.

Bruce is Bruce Schneier, author of "Applied Cryptography" and "Secrets and
Lies", head of Counterpane Internet Security (http://www.counterpane.com/),
frequent speaker and general luminary on the topics of computer and internet
security, encryption etc., and generally all around cool guy.  Although you
may not get much from e-mailing him directly (he's pretty busy), reading
back issues of his newsletter (CryptoGram) is generally enlightening, and
he's written some very good whitepapers on cryptography issues (I believe
the original "mail Bruce" comment came about from a question on his paper on
the weaknesses of the PPTP protocol).

-Joe

> -----Original Message-----
> From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl]On
> Behalf Of Greg Scott
> Sent: Friday, January 11, 2002 9:22 AM
> To: 'Michael T. Babcock'
> Cc: 'LARTC List'
> Subject: RE: [LARTC] Gre Tunneling Problem
>
>
> Does anybody know how security works in Linux GRE tunnels?  (It's not
> in the HOWTO.)  And who is Bruce anyway?
>
> - Greg
>
>
> -----Original Message-----
> From: Greg Scott
> Sent: Wednesday, January 09, 2002 1:40 PM
> To: 'Michael T. Babcock'
> Cc: LARTC List
> Subject: RE: [LARTC] Gre Tunneling Problem
>
>
> Who is Bruce?
>
> geez, I'm an idiot!  That GRE tunneling stuff is in chapter 5 of the
> advanced routing HOWTO!  But who is Bruce?
>
> - Greg
>
>
>
> -----Original Message-----
> From: Michael T. Babcock [mailto:mbabcock@fibrespeed.net]
> Sent: Wednesday, January 09, 2002 12:44 PM
> To: Greg Scott
> Cc: LARTC List
> Subject: Re: [LARTC] Gre Tunneling Problem
>
>
> On Wed, Jan 09, 2002 at 12:28:12PM -0600, Greg Scott wrote:
> > That paper (great work!) tells about the Microsoft PPTP problems.
> >
> > But what about the Linux GRE tunnel documented in the HOWTO?  Does
> > it have the same implementation problems?
>
> I have no idea ;-)
>
> You could E-mail Bruce and ask though ;-)
> --
> Michael T. Babcock
> CTO, FibreSpeed Ltd.     (Hosting, Security, Consultation, Database, etc)
> http://www.fibrespeed.net/~mbabcock/
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
>
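
Added example (not part of the original message, and not kernel or iproute2 code): a minimal parser for the GRE header as laid out in RFC 2784 and RFC 2890, run over a constructed packet, showing that the tunnel key and the encapsulated payload are read straight from the bytes on the wire with no secret needed. The key value 12345, the payload bytes and the function names are assumptions made for the illustration.

```python
import struct

# Flag bits in the first 16 bits of a GRE header (RFC 2784, RFC 2890).
GRE_C, GRE_K, GRE_S = 0x8000, 0x2000, 0x1000  # checksum / key / sequence present
GRE_VERSION_MASK = 0x0007


def build_keyed_gre(key, inner, proto=0x0800):
    """Build a GRE packet with only the Key Present bit set (constructed sample)."""
    return struct.pack("!HHI", GRE_K, proto, key) + inner


def parse_gre(packet):
    """Return the GRE header fields and the encapsulated payload."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", packet, 0)
    if flags & GRE_VERSION_MASK:
        raise ValueError("only GRE version 0 is handled here")
    fields = {"protocol": proto, "checksum": None, "key": None, "sequence": None}
    offset = 4
    # Optional 4-byte words follow in this fixed order when their flag is set.
    for bit, name, fmt in ((GRE_C, "checksum", "!H2x"),
                           (GRE_K, "key", "!I"),
                           (GRE_S, "sequence", "!I")):
        if flags & bit:
            if len(packet) < offset + 4:
                raise ValueError("truncated GRE option: " + name)
            (fields[name],) = struct.unpack_from(fmt, packet, offset)
            offset += 4
    fields["payload"] = packet[offset:]
    return fields


# Constructed sample: key 12345 and a stand-in for the inner IP packet.
SAMPLE_INNER = b"inner packet bytes (constructed)"
SAMPLE_PACKET = build_keyed_gre(12345, SAMPLE_INNER)

if __name__ == "__main__":
    hdr = parse_gre(SAMPLE_PACKET)
    print("key read from the wire:", hdr["key"])
    print("payload read from the wire:", hdr["payload"])
```

Once the GRE packet is carried inside IPsec ESP, the same bytes are encrypted and integrity-protected, so neither the key nor the payload is visible to a parser like this one.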


