From: Christoph Egger (egger_at_mlcomputing.de)
Date: Wed Sep 11 2002 - 04:44:44 CDT
Hi!
I am wondering what causes lots of traffic through an ipsec tunnel.
Only our mail server fetches mails every 10 minutes and that's it. So traffic
is expected there only every 10 minutes.
Nonetheless, tcpdump registered lots of traffic during the whole night.
At first I thought there was an attack going through, but I couldn't find
anything...
Another possibility is that the two ipsec gateways do lots of key exchanging.
On the one gateway, the key related options are these:
keyingtries=1
disablearrivalcheck=no
pfs=yes
keyexchange=ike
keylife=1h
The other gateway is configured as roadwarrior because of dynamic ip
addresses (dialup connection). Keying related options are these:
keyingtries=0
disablearrivalcheck=no
pfs=yes
keyexchange=ike
keylife=1h
I can't figure out what the disablearrivalcheck=no option really means as
all the documentation links of the freeswan homepage (http://www.freeswan.org/)
are broken.
This option was already in the config file as a sort of "pre-defined default
option".
Can one of these options cause lots of traffic?
Are there other possibilities?
--
CU, Christoph

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here
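
An added example, not part of the original post: one way to test the key-exchange hypothesis is to split a capture into IKE (UDP port 500) and ESP packets per hour. It assumes text output from a current `tcpdump -n -tttt`; the sample lines, their addresses and the `ike_budget` threshold are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in `tcpdump -n -tttt` text format; addresses are
# documentation ranges, not values from the original post.
SAMPLE = """\
2002-09-11 02:00:01.100000 IP 192.0.2.1.500 > 198.51.100.7.500: isakmp: phase 2/others I oakley-quick[E]
2002-09-11 02:00:01.300000 IP 198.51.100.7.500 > 192.0.2.1.500: isakmp: phase 2/others R oakley-quick[E]
2002-09-11 02:00:01.500000 IP 192.0.2.1.500 > 198.51.100.7.500: isakmp: phase 2/others I oakley-quick[E]
2002-09-11 02:10:00.000000 IP 192.0.2.1 > 198.51.100.7: ESP(spi=0x1a2b3c4d,seq=0x1), length 116
2002-09-11 02:10:00.200000 IP 198.51.100.7 > 192.0.2.1: ESP(spi=0x5e6f7a8b,seq=0x1), length 116
2002-09-11 03:04:10.000000 IP 192.0.2.1 > 198.51.100.7: ESP(spi=0x1a2b3c4d,seq=0x2), length 132
2002-09-11 03:04:11.000000 IP 192.0.2.1 > 198.51.100.7: ESP(spi=0x1a2b3c4d,seq=0x3), length 132
2002-09-11 03:04:12.000000 IP 198.51.100.7 > 192.0.2.1: ESP(spi=0x5e6f7a8b,seq=0x2), length 132
2002-09-11 03:04:13.000000 IP 192.0.2.1.22 > 198.51.100.7.40000: Flags [P.], length 48
"""

# Groups: hour bucket "YYYY-MM-DD HH", source, destination, rest of the line.
LINE = re.compile(r"^(\S+ \d\d):\d\d:\d\d\.\d+ IP (\S+) > (\S+): (.*)$")

def classify(src, dst, info):
    """Return 'esp', 'ike' or 'other' for one parsed tcpdump line."""
    if info.startswith("ESP("):              # IP protocol 50: tunnelled payload
        return "esp"
    ports = {src.rpartition(".")[2], dst.rpartition(".")[2]}
    if "500" in ports and "isakmp" in info:  # UDP 500: IKE negotiation
        return "ike"
    return "other"

def per_hour(text):
    """Count packets per class for each 'YYYY-MM-DD HH' bucket."""
    buckets = defaultdict(Counter)
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            hour, src, dst, info = m.groups()
            buckets[hour][classify(src, dst, info)] += 1
    return buckets

def ike_heavy_hours(text, ike_budget=20):
    """Hours whose IKE packet count exceeds ike_budget (assumed threshold)."""
    return sorted(h for h, c in per_hour(text).items() if c["ike"] > ike_budget)

if __name__ == "__main__":
    for hour, c in sorted(per_hour(SAMPLE).items()):
        print(hour, "ike=%d esp=%d other=%d" % (c["ike"], c["esp"], c["other"]))
```

Hours dominated by ESP point to traffic carried inside the tunnel, while hours listed by `ike_heavy_hours` point to repeated negotiation between the gateways.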