From: Sam Sgro (sam_at_freeswan.org)
Date: Fri Aug 16 2002 - 21:26:41 CEST
On Fri, 16 Aug 2002, Bret Hughes wrote:
> I have been running ipsec to connect from my home lan to the office for
> quite some time now. Since home is a DSL dynamic addressing deal I use
> the roadwarrior setup with Linux boxes on both ends.
>
> Last night and again this morning I got a connection attempt from a
> Korean (I think) address that the log messages have the connection name
> of my office home link tulsamain-hugheshome.
>
> How is this possible without one side or the other having been hacked?
A Roadwarrior, by definition, can be at any IP address. You're seeing
the "tulsamain-hugheshome" connection name during the attempts because it
is configured as a Roadwarrior; FreeS/WAN is listening, using that conn, for
connection attempts from %any IP address. Any random person trying to
connect, even if they don't have the proper authentication credentials,
will be logged and that connection name referenced.
As long as you've implemented proper security - RSA keys or certificates, or a
well chosen PSK - you are at no more risk than someone trying to hack into a
box by trying to brute force the password.
Sam Sgro
sam_at_freeswan.org
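
An added example, not part of the original message: a small Python triage script that groups Pluto log lines for the roadwarrior conn by peer address and separates peers that completed an IPsec SA from those that were only logged under the conn name. The log lines are constructed samples using documentation-range addresses, and the line layout assumed by the regular expression is an assumption to check against your own logs.

```python
import re
from collections import defaultdict

# Assumed Pluto line shape for an instantiated roadwarrior conn:
#   ... pluto[pid]: "conn"[instance] peer-ip #state: message
LINE_RE = re.compile(
    r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] '
    r'(?P<peer>\d{1,3}(?:\.\d{1,3}){3}) #\d+: (?P<msg>.*)$'
)
ESTABLISHED = "IPsec SA established"

# Constructed sample log lines, not taken from the original post.
SAMPLE_LOG = """\
Aug 16 08:01:10 gw pluto[412]: "tulsamain-hugheshome"[1] 198.51.100.7 #1: responding to Main Mode from unknown peer 198.51.100.7
Aug 16 08:01:12 gw pluto[412]: "tulsamain-hugheshome"[1] 198.51.100.7 #2: IPsec SA established
Aug 16 09:14:03 gw pluto[412]: "tulsamain-hugheshome"[2] 203.0.113.45 #3: responding to Main Mode from unknown peer 203.0.113.45
Aug 16 09:15:13 gw pluto[412]: "tulsamain-hugheshome"[2] 203.0.113.45 #3: max number of retransmissions (2) reached STATE_MAIN_R1
"""

def summarize(log_text, conn):
    """Return {peer_ip: {"lines": n, "established": bool}} for one conn name."""
    peers = defaultdict(lambda: {"lines": 0, "established": False})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("conn") != conn:
            continue
        entry = peers[m.group("peer")]
        entry["lines"] += 1
        if ESTABLISHED in m.group("msg"):
            entry["established"] = True
    return dict(peers)

def unauthenticated_peers(log_text, conn):
    """Peers logged under the conn name that never completed an IPsec SA."""
    summary = summarize(log_text, conn)
    return sorted(p for p, e in summary.items() if not e["established"])

if __name__ == "__main__":
    for peer, entry in summarize(SAMPLE_LOG, "tulsamain-hugheshome").items():
        status = "established" if entry["established"] else "never authenticated"
        print(f"{peer}: {entry['lines']} log lines, {status}")
```

A peer that appears only in the second group was matched to the conn because of %any, but never passed authentication.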