LinuxQuestions.org
06-30-2006, 11:40 AM   #1
paleogryph
How do I know if IPSec is doing its job?


I have an Exchange Webmail box in a DMZ that I needed to monitor via SNMP. I'm using Cacti to monitor it, running on FC4. As per MS, http://support.microsoft.com/?kbid=324261, I created a local security policy to encrypt SNMP traffic via IPSec. I'm using a pre-shared key. Once I "assigned" the local security policy on the MS box I then, simply, went to the Network icon on my FC4 box and went to the IPSec tab, enabled it, set it to host-to-host with the IP, and set the pre-shared key, and then saved the changes.

I also had to change the FW rules for traffic to/from the DMZ, obviously.

Well, I'm still getting SNMP traffic through the DMZ and Cacti is still showing stats on this box.

I ran Ethereal on my FC4 box and I see the back and forth SNMP Get/Response traffic to and from the MS box in the DMZ, however the traffic doesn't appear to be IPSec'd.

How can I tell, either via Ethereal or from the CLI, that my traffic to and from the MS box is IPSec'd?

Thanks in advance.
 
06-30-2006, 10:16 PM   #2
fedora4002
Stolen from http://lists.netfilter.org/pipermail...ay/024333.html

sudo /usr/sbin/tcpdump -lni eth1 icmp or esp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
09:49:49.616062 IP 65.162.182.15 > 24.144.77.138: ESP(spi=0x0702d979,seq=0x1)
09:49:49.635388 IP 10.0.129.1 > 192.168.2.1: icmp 64: echo request seq 0
09:49:49.635426 IP 24.144.77.138 > 65.162.182.15: ESP(spi=0x05191a81,seq=0x1)
09:49:50.617714 IP 65.162.182.15 > 24.144.77.138: ESP(spi=0x0702d979,seq=0x2)
09:49:50.617714 IP 10.0.129.1 > 192.168.2.1: icmp 64: echo request seq 256
09:49:50.617855 IP 24.144.77.138 > 65.162.182.15: ESP(spi=0x05191a81,seq=0x2)
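
Added example (not part of either post in this thread): a shell helper that reads `tcpdump -n` text output and reports whether traffic with one peer was seen as readable SNMP (UDP port 161), as ESP only, or both. The function name `ipsec_verdict`, the 192.0.2.x addresses and the sample lines are constructed for illustration; it assumes IPv4 and tcpdump's default timestamp format.

```shell
#!/bin/sh
# Added example. ipsec_verdict is a hypothetical helper name.
# Reads `tcpdump -n` text on stdin; $1 is the peer IPv4 address.
ipsec_verdict() {
    awk -v peer="$1" '
    # Drop the trailing ":" and split off a fifth dotted field (the port).
    function addr(f,   n, p) {
        sub(/:$/, "", f)
        n = split(f, p, ".")
        port = (n == 5) ? p[5] : ""
        return p[1] "." p[2] "." p[3] "." p[4]
    }
    $2 == "IP" && $4 == ">" {
        src = addr($3); sport = port
        dst = addr($5); dport = port
        if (src != peer && dst != peer) next       # not our peer
        if ($0 ~ /ESP\(spi=/) esp++                # encrypted payload
        else if (sport == "161" || dport == "161") clear++   # readable SNMP
    }
    END {
        if (clear && esp) print "mixed"
        else if (clear)   print "cleartext"
        else if (esp)     print "protected"
        else              print "no-traffic"
    }'
}

# Constructed sample lines (documentation addresses, not a real capture).
sample_cleartext() {
cat <<'EOF'
10:00:00.000001 IP 192.0.2.10.32770 > 192.0.2.20.161: GetRequest(28) .1.3.6.1.2.1.1.3.0
10:00:00.000912 IP 192.0.2.20.161 > 192.0.2.10.32770: GetResponse(32) .1.3.6.1.2.1.1.3.0=123456
EOF
}
sample_protected() {
cat <<'EOF'
10:05:00.000001 IP 192.0.2.10 > 192.0.2.20: ESP(spi=0x0a0b0c01,seq=0x1)
10:05:00.000850 IP 192.0.2.20 > 192.0.2.10: ESP(spi=0x0a0b0c02,seq=0x1)
EOF
}

sample_cleartext | ipsec_verdict 192.0.2.20    # cleartext
sample_protected | ipsec_verdict 192.0.2.20    # protected
```

Against a live interface, feed it a bounded capture such as `tcpdump -c 50 -lni eth0 'host PEER and (esp or udp port 161)' | ipsec_verdict PEER`, where `eth0` and `PEER` are placeholders. A result of `cleartext` or `mixed` means SNMP packets are leaving outside the IPsec policy.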