LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Must the source IP in SA (used for outgoing packets) be the sender's IP?
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-18-2009, 03:03 PM   #1
arrowheart
LQ Newbie
 
Registered: Feb 2009
Posts: 7

Rep: Reputation: 0
Must the source IP in SA (used for outgoing packets) be the sender's IP?

When I configure SP and SA manually for an outgoing packet, must the
source IP in SA be the sender (local host)'s IP? Will strongSwan or
native IPsec module check the consistence?

Thanks
 
Old 02-22-2009, 02:58 PM   #2
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Rep: Reputation: 232Reputation: 232Reputation: 232
IMO, yes. Hard to prevent abuses without that.
 
Old 02-25-2009, 12:16 AM   #3
arrowheart
LQ Newbie
 
Registered: Feb 2009
Posts: 7

Original Poster
Rep: Reputation: 0
Thanks. I thought it is only checked during key negotiation and ignored during transmission.
Actually, I'm wondering if it is necessary to binding the IP address. Actually, if X509 certificates or some other credentials are used during IKE/IKEv2, source IP address is not a big issue any more. Adversaries can spoof IP address but cannot spoof those credentials
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
check incoming or outgoing packets ilnli Programming 1 07-24-2007 03:08 PM
Incoming and outgoing traffic (packets) increased tooparam General 4 09-22-2006 01:20 PM
Iptables/Guarddog - how to block specific outgoing packets craftybytes Linux - Security 7 05-19-2006 12:26 AM
drop incoming/outgoing packets using iptables doshiaj Linux - Security 1 06-08-2004 10:38 AM
Outgoing FTP packets seem to hang, or die Torm3nt Linux - Networking 3 01-31-2004 02:43 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:24 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration