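G****r Posts: 5579 | 1 I've liked open source for a long time, but sadly it was a case of Lord Ye
professing to love dragons: I looked around here and there and never managed to put sustained
hard work (more than three months) into any particular open-source project (mainly because I
wasn't formally using it at work). Then, early last year, many products at my previous employer
(many of them from small companies acquired over the previous few years) used OpenSSL, but there
were too many problems and everyone was too busy, so I was pulled in to help.
At first, how excited I was: I could finally work on open source full time!
But within a few months I found that every product used its own version of the open-source
code. They all claimed their own version was better than the original, euphemistically calling
it: Customized version, or Leveraged version, with advantages the original lacked...... But on
closer inspection, they were all crappy old versions from years ago; not only was there nothing
genuinely new, they had also lost what the newer versions added. I had studied the original RFCs
for IPSec, SSL, PKI and so on in depth, and although I hadn't used OpenSSL much before, I got up
to speed quickly and could tell that those people didn't understand it but pretended to be
profound. They went hacking before understanding Open Source and the SSL Protocol; although at
first they were lucky enough to get the product running, the problems never stopped. |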
|
|
|
y*********i Posts: 7 | 4 when I read through RFC2401, I met this:
IPsec uses two protocols to provide traffic security--Authentication
Header(AH) and.....
The IP Authentication Header(AH) provides connectionless integrity,
data origin authentication, and an optional anti-replay service. .....
how can I translate "connectionless integrity" and "anti-replay" into
Chinese? and what is anti-replay (the meaning and specific process)?
thx.
//bow |
|
|
a***a Posts: 21 | 6
host-to-host but not for end-to-end |
|
X*********u Posts: 20 | 7 CS牛人 (CS big shot) is different from Security Guru.
I have been working on Network security for three years, mostly on lower layer
security (such as IPSec). I am trying to be a security guru in another 3
years. |
|
A*****o Posts: 222 | 8 You think IPSec/(IP layer Security) as security guru?
That's just network security ba.
How about algorithms such as RSA, DSA?:)
Most of Security now talking is just about virus, worms, desktop got hacked,
etc. etc. |
|
m**t Posts: 1292 | 9 will you offer the small contract to me ? :) I sell very high speed
VPNs in a super deal ;)
Your question can have several alternative answers, you can connect
the two office using site to site IPsec VPN gateways. Or if you'd like
to go with carriers, they may provide you MPLS based VPN (kind of like dedicated
line), these are for data if that is what you need to achieve, for integrated
IP voice etc, it can be a bit more complicated but not much new.
the remote access using a client-server model is |
|
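r*****k Posts: 565 | 10 I'm doing a course project; the topic is to implement something similar to sTunnel, that is, encode the
IP packets sent out from any specified port, then decode them at the remote end. I plan to use ipsec for encryption.
Since my knowledge of c/c++ is basically zero, I chose python.
I plan to use twisted to open a raw socket on the network card, then inspect every packet and, if it comes from the
specified port, rebuild that packet.
I'd like to ask the experts whether this is feasible. (I'm really not sure whether packet filtering can be done in python.) |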
|
z***e Posts: 5393 | 11 Usually those attacks have different requirements, such as "encryption only"
or "authentication only".
Chosen cipher attack is a broad concept, kind of like "searching algorithm",
but it totally depends on how you do it. Some examples I know is to use
chosen cipher for IPSec, but as I said, it has a lot of limits and only
works if you don't configure your computer well.
encryption != security. |
|
|
a****l Posts: 8211 | 13 what do you want to do? |
|
s***e Posts: 108 | 14 if u don't have control on company firewall, that could be really hard.
What kind of software u r using? FreeS/WAN? |
|
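m******g Posts: 91 | 15 [The following text is reposted from the Linux discussion board]
[Originally posted by mangmang]
First, the topology of my network connection:
Home-------------------------------internet------------Remote Place
192.168.0.123 --> 131.111.8.1---------------->162.105.12.10
(internal IP) (router IP) |------>10.23.12.2 (internal IP)
On Windows, SecuRemote can connect to the remote machine (10.23.12.2) via the IKE protocol.
On Linux, it seems FreeSwan can also connect to Check Point VPN-1 in a similar client mode.
Has anyone done this? Please share your ipsec configuration; their documentation is too tedious.... I'm lazy :P
Thanks |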
|
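a****s Posts: 115 | 16 John Gilmore
Today I was reading about IPsec online and accidentally stumbled on http://www.toad.com/gnu/, and only then realized what a big shot he is! Sun's employee number five, initiator of the alt. newsgroups, maintainer of gdb 1990-1993, co-founder of Cygnus .... He did a pile of impressive things, made plenty of money, and now enjoys life while doing social activism and also suing the government,
without neglecting any of it ;-). Admiration .... |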
|
|
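h**a Posts: 108 | 18 Too complicated; I don't have the motivation to do it right now. Maybe later.
Can anyone recommend a Wireless Router that supports IPSec? Something cheap; one whose Firmware I can flash myself
is fine too. I want to connect from home to the company's Cisco router. DD-WRT doesn't seem to work
tunnel |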
|
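h**a Posts: 108 | 19 I want to set up a permanent VPN connection so I can access the company's files/resources at any time. It's a bit annoying
to connect manually every time I need it.
I know some expensive wireless routers offer this setting, but I don't want to spend that money. It would be great if a relatively cheap
router (around 50 dollars) could be flashed to allow IPSEC configuration. |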
|
h**a Posts: 108 | 20 Would there be any problem? I asked the company and they said it's fine. I just need to provide my own router that supports IPSec |
|