Re: instant messenger eavesdropping question

In article <1150547769.420494.241410@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>, "computergeek6933@xxxxxxxxx" <computergeek6933@xxxxxxxxx> writes:

funluvinmax@xxxxxxxxx wrote:
thanks for your reply.

I thought A and B would be chatting purely P2P in this case - not thru
msn or yahoo servers?

With VPN, is there *no* chance that person C (inside the network) can
eavesdrop? If not - are there possibly other ways that person C (or D)
- in the vpn scenario - is able to eavesdrop?

No, according to the Oscar protocol for AIM there is no P2P
transmissions (unless you are direct connecting but I haven't read into
the semantics of that). I would assume that other Instant Message
protocols follow suit. In regards to your VPN question, while C would
be able to eavesdrop, the packets intercepted would be encrypted by the
VPN, proving useless to whoever is reading them.


"
Person A and Person B are both on an internal private network (either
directly on the LAN or VPNed into the LAN from an outside network)
"

To me that says the VPN is terminated on the internal network hence the traffic
on the internal network would be in the clear.


David Webb
Security team leader
CCSS
Middlesex University

.

Relevant Pages

  • Re: [Full-disclosure] Remote Desktop Command Fixation Attacks
    ... This set of steps is redundant in many places, and it's also enormously expensive, since you're using no less than three different expensive bits of networking hardware (AP, PIX, VPN Concentrator), in addition to a bunch of x86 server hardware, windows server licenses, and at least one ISA license. ... Your computers necessarily don't have full access to your network infrastructure when they aren't logged on, so GPOs, software updates, etc can't be applied at the times you want them to be applied. ... Turning on, enabling, and implementing every possible security setting and device you think of is not defence in depth, and will probably only have two effects - your users won't use your wireless network, and you'll burn so much cash you won't have any left to spend on *useful* security measures. ...
    (Full-Disclosure)
  • Re: Site to Site Access on ISA Server
    ... I added the melbourne range to the internal Network and added that static ... and I am now able to Ping the vpn device in the melbourne office.. ... The internal network object definition on ISA is currently 192.168.1.0 to ...
    (microsoft.public.isa)
  • TidBITS#792/15-Aug-05
    ... We also note the release of Security Update 2005-007, ... Macintosh FTP client, free for educational and charitable use. ... mentioned virtual private network (VPN) technologies. ...
    (comp.sys.mac.digest)
  • RE: VPNs - Firewalls and Security
    ... I'm relatively sure that I can apply an access list to the VPN network ... configured) can only talk to the internal network, ... There must be some way to block / firewall even my VPN connections to ...
    (Security-Basics)
  • RE: VPN Error 800
    ... The VPN client IP is 10.0.1.40, this is a private IP address. ... server IP address is 81.137.105.244, this is a Internet IP address. ... not test VPN connection from your perimeter network. ... SBS on your switch to make it work. ...
    (microsoft.public.windows.server.sbs)