Hello!
I recently got around to trying out fwknop and I must say it's really sweet!
One question popped up though:
I can't figure out what one would gain in security against a MITM attack using the resolving of one's public IP, if one would be located behind a NAT'ing router? Somewhere in the documentation, there was a note about an attacker being on the same private net, but what kind of configuration would protect against that (except the obvious with using encrypted communication as usual).
As I am testing now, having two servers behind the same NAT firewall, one of them sends the SPA packet and both of them can connect OpenVPN to the receiving OpenVPN server. Now this is ok because I want them to be able to connect, but as I see it, it defeats the whole purpose of fwknop, as I can't trust the NAT'ed net.
Regards
Patrick
_______________________________________________
Fwknop-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss