RE: Comcast and IPSec traffic

From: J. Oquendo (
Date: 09/16/03

  • Next message: Joris De Donder: "Re: xp professional - local administrator password"
    Date: Tue, 16 Sep 2003 17:07:18 -0400

    As per the CCIE Routing TCP/IP vol2 book page 346 Encryption paragraph:

    for NAT to function, neither the IP addresses nor any information
    derived from them (such as the TCP header checksum) can be encrypted.

    Amother concern is VPN's using for example, IPSec. With certain modes
    of IPSec, if an IP address is changed in an IPSec packet, the IPSec
    becomes meaningless and the VPN is broken. When ANY sort of encryption
    is used, you must place the NAT on the secure side rather than the
    encrypted path...

    One of the things you should think about is whether or not Comcast is
    setting you up under NAT when you didn't want to be running under NAT.
    Sounds confusing even as I type this, but say you've signed up for
    say like a static IP connection... And they're NAT'ed this saves Comcast
    nothing because they're not in charge of your own network, however you
    set it up. Maybe they're just filtering something without your consent
    who knows...

    Hi all,
        This goes back to a fairly old thread (8/13, not that old). Mark, you
    sent an email asking if anyone had noticed Comcast blocking IPSec traffic.
        Well, guess what Comcast has started advertising. Comcast is now
    offering "High-Speed Internet Pro" service. It offers and "even faster
    connection." And among other things, they list "VPN Compatible" on their
        I guess that answers your question about whether they are blocking IPSec


    exec `echo ajbqghuf|rot13|sed '/\n/!G;s/\(.\)\(.*\n\)/&\2\1/;//D;s/.//'`
    Jesus Oquendo
    sil @ disgraced . org
    sil @ antioffline . com
    PGP Fingerprint
    39A7 24C6 A9A0 6C67 96CA 0302 F1D3 2420 851E E3D0
    You're free. And freedom is beautiful. And, you know, 
    it'll take time to restore chaos and order, order out
    of chaos. But we will." George W. Bush Washington, 
    D.C., April 13, 2003
    Captus Networks 
    Are you prepared for the next Sobig & Blaster? 
     - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
     - Precisely Define and Implement Network Security 
     - Automatically Control P2P, IM and Spam Traffic 
    FIND OUT NOW -  FREE Vulnerability Assessment Toolkit

  • Next message: Joris De Donder: "Re: xp professional - local administrator password"