> Major Variola (ret)[SMTP:[EMAIL PROTECTED]]
> 
> 
> At 10:13 AM 11/4/02 -0500, Tyler Durden wrote:
> >This is an interesting issue...how much information can be gleaned from
> >encrypted "payloads"?
> 
> Traffic analysis (who, how frequently, temporal patterns)
> Size of payload
> 
> >Is it possible for a switch or whatever that has
> >visibility up to layers 4/5/6 to determine (at least) what type of file is
> >being sent?
> 
> Yes.
> 
> Modern network equipment can examine all the way up to "layer 7".
> Can tell that you're sending an .mp3 and will cut your QoS, if that's
> the policy.
> 
Durden's question was whether a snooper on an IPSEC VPN can
tell (for example) an encrypted email packet from an encrypted
HTTP request. 

The answer is no.

All Eve can tell is that FW1 sent FW2 a packet of a certain size.
The protocol of the encapsulated IP packet, its true source 
behind FW1, its true destination behind FW2, and the true
destination port are all hidden.

Peter
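
Added example, not part of the original post: a Python sketch of the point above, building two constructed ESP tunnel-mode packets (one carrying SMTP, one carrying HTTP) and parsing them as an on-path observer would. Addresses, key and payloads are constructed, and a SHAKE-256 keystream stands in for the real ESP cipher (IV and ICV omitted).

```python
import hashlib, ipaddress, struct

# All addresses, ports, keys and payloads below are constructed for illustration.
FW1, FW2 = "192.0.2.1", "198.51.100.1"   # the two gateways (outer addresses)
KEY = b"constructed-demo-key"            # stand-in for the SA's encryption key
IP_FMT = "!BBHHHBBH4s4s"

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at zero for brevity)."""
    return struct.pack(IP_FMT, 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def inner_packet(src, dst, dport, data):
    """The real packet from a host behind FW1: IP + TCP header + data."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return ipv4_header(src, dst, 6, len(tcp) + len(data)) + tcp + data

def esp_tunnel(inner, seq, spi=0x1000, block=16):
    """FW1 -> FW2 ESP tunnel-mode packet (IV and ICV omitted for brevity)."""
    pad_len = -(len(inner) + 2) % block
    # ESP trailer: padding, pad length, next header (4 = encapsulated IPv4)
    plain = inner + bytes(range(1, pad_len + 1)) + bytes([pad_len, 4])
    # Assumption: SHAKE-256 keystream XOR stands in for the real ESP cipher.
    stream = hashlib.shake_256(KEY + struct.pack("!II", spi, seq)).digest(len(plain))
    esp = struct.pack("!II", spi, seq) + bytes(a ^ b for a, b in zip(plain, stream))
    return ipv4_header(FW1, FW2, 50, len(esp)) + esp

def observer_view(pkt):
    """Every field Eve can parse on the wire without the key."""
    f = struct.unpack(IP_FMT, pkt[:20])
    spi, seq = struct.unpack("!II", pkt[20:28])
    return {"src": str(ipaddress.IPv4Address(f[8])), "dst": str(ipaddress.IPv4Address(f[9])),
            "proto": f[6], "size": f[2], "spi": spi, "seq": seq}

mail = esp_tunnel(inner_packet("10.1.0.5", "10.2.0.25", 25,
                               b"MAIL FROM:<a@example.org>\r\n"), seq=1)
web = esp_tunnel(inner_packet("10.1.0.7", "10.2.0.80", 80,
                              b"GET /index.html HTTP/1.1\r\n"), seq=2)

if __name__ == "__main__":
    for name, pkt in (("email", mail), ("http", web)):
        print(name, observer_view(pkt))
```

Apart from the sequence number, the two observer views are identical: gateway addresses, IP protocol 50 (ESP), the SPI and the padded size.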
