> Tyler Durden[SMTP:[EMAIL PROTECTED]] writes:
>
> > "Most of the ones I've seen are IPSEC over IPv4. You might be able to glean
> > some info from packet size, timing, and ordering, but not much. IPSEC
> > takes a plaintext IP packet and treats the whole thing as a data block
> > to be encrypted."
>
> So this would indicate that IPSEC creates a sort of blockage from seeing up
> to Layers 4/5/6. Now when you say it takes the IP packet, is this just the
> datagram or is it also the protocol bytes? (I'm assuming the layer-2
> information remains intact.) If the protocol bytes are unencrypted, then
> there's a LOT that can probably be determined about any IP session. If the
> protocol bytes are encrypted, then this will not be a very flexible session,
> no? (More of a secure pipe I guess.)
>
> And then, does IPSEC include specification for MPLS? I would assume that the
> MPLS header information is not encrypted, simply because the headers have no
> global significance...

It's a pipe. The whole plaintext IP packet, from start to finish, including headers and checksum, gets treated as data, and encrypted.

The encrypted packet is the data for a new packet, which goes from one firewall to another (and has only the firewall IP addresses exposed). The packets visible on the outside only tell Eve that firewall A sent firewall B an IPSEC packet of a certain size, with a particular Security Association (i.e., the protocol field says 'this is an IPSEC packet'). A single SA can be used for many, many internal connections.

Check the IPSEC RFCs for more info.

Peter Trei
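To make the "what Eve sees" point concrete, here is an added Python example (not part of the original post) that parses the only fields an on-path observer can read from a tunnel-mode ESP packet: the outer IP addresses, the protocol number, the SPI identifying the Security Association, the sequence number and the ciphertext length. The sample packet, its addresses and SPI are constructed values for illustration; the outer header checksum is left at zero and the ciphertext is a stand-in for the encrypted inner packet.

```python
import struct

IPPROTO_ESP = 50  # IP protocol number for ESP (RFC 4303)


def build_sample_esp_packet():
    """Constructed sample: outer IPv4 header + ESP header + opaque ciphertext.

    In tunnel mode the ciphertext holds the *entire* inner IP packet (headers,
    ports, checksum and payload); nothing inside it is readable on the wire.
    """
    ciphertext = bytes(range(64))  # stand-in for the encrypted inner packet
    total_len = 20 + 8 + len(ciphertext)
    # version/IHL, TOS, total length, ID, flags/frag, TTL, proto, checksum, src, dst
    outer = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, total_len, 0x1234, 0x4000, 64, IPPROTO_ESP, 0,
        bytes([203, 0, 113, 1]),   # firewall A (constructed address)
        bytes([198, 51, 100, 7]),  # firewall B (constructed address)
    )
    esp = struct.pack("!II", 0x0001ABCD, 42)  # SPI (names the SA), sequence number
    return outer + esp + ciphertext


def eve_view(pkt):
    """Return only what an observer between the two firewalls can learn."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    proto = pkt[9]
    src = ".".join(map(str, pkt[12:16]))
    dst = ".".join(map(str, pkt[16:20]))
    if proto != IPPROTO_ESP:
        # Not IPsec: the observer would see the inner protocol in the clear
        return {"src": src, "dst": dst, "protocol": proto}
    spi, seq = struct.unpack("!II", pkt[ihl:ihl + 8])
    # Size and SPI are the traffic-analysis side channel the thread mentions;
    # the inner addresses, ports and protocol are simply not present.
    return {
        "src": src,
        "dst": dst,
        "protocol": "ESP",
        "spi": spi,
        "seq": seq,
        "encrypted_bytes": total_len - ihl - 8,
    }
```

Note that every inner connection carried by this SA produces packets with the same outer addresses and SPI, so the observer cannot tell them apart except by size and timing.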