
Re: Crypto Sync Issue



Tom Rollins <[email protected]> wrote:

> I am interested in encrypting a SLIP link between my
> PC (running Linux) and my Netcom shell account (running
> SLIRP).
> 
> My question has to do with error conditions on the line.
> If I drop a character or packet, the two sides will lose
> crypto sync and things will be scrambled from then on.
> The modems will fix most of the low level problems.
> However, Murphy's Law has not been repealed. :)
> 
> Are there any standard methods to provide the SYNC between
> the sender (encryption) and the receiver (decryption) on
> an Async connection?
> 
> Since Slip uses IP packets, I was planning on an encryption
> of the data portion of the IP packets (leaving the header
> alone).

A better approach would be to encrypt the entire IP packet and leave the
framing bytes alone.

But this is what I do:

I use regular unencrypted SLIP (slirp) between here and netcom.
Also install copies of slirp in all your other unix accounts, plus your
favorite session encryption daemon (deslogin, ctcp, ssh, esm, etc).
Then make some script files like this.  For this example I use deslogin
to establish a secure session with utopia.hacktic.nl.

/root/dialup:

#!/bin/csh
# Plain SLIP to netcom first; then a getty on one end of a pseudo-tty, with
# the deslogin wrapper below as its login program; then dip on the other end
# of the same pty, which logs in through that getty into the encrypted session.
dip /root/netcom.dip
/sbin/agetty 38400 ttyqf -l /root/utopiadeslogin &
dip /root/utopia.dip

/root/utopiadeslogin:

#!/bin/csh
# Login program for the getty above: every "login" becomes a deslogin session.
exec /usr/local/bin/deslogin [email protected]

/root/utopia.dip:

# master side of the pty that agetty is waiting on
port ptyqf
# agetty's login: prompt; any name will do, it is handed to the deslogin wrapper
wait ogin: 60
send anything\n
# deslogin's password prompt (matched by its tail)
wait d: 5
send password\n
# remote shell prompt: start slirp there and bring up the second (C)SLIP link
wait ] 5
send \n
send exec slirp-0.9o/src/slirp\n
get $rmtip 10.0.2.42
get $locip 10.0.2.16
mode CSLIP


Add to /etc/hosts:

10.0.2.42       utopia-secure


Then I can do: telnet utopia-secure
and everything is encrypted.

I got deslogin from utopia's anon-ftp dir.
A 3DES version would be nice tho.

When you want to hangup, use this to kill all of the dip processes:

#!/bin/csh
# Kill every process ps shows on the two lines dip is using (the TTY column
# values below), which takes down both dip processes and the getty.
ps -ua|grep " pQf "|awk '{print "kill " $2}'|csh
ps -ua|grep " pS1 "|awk '{print "kill " $2}'|csh


To do this for more hosts, just pick any available IP addresses
in 10.0.2.x and a free tty (ttyq* are usually unused).
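Worked example of the reply's advice (encrypt the whole IP packet inside the SLIP frame and leave the framing bytes alone), added here and not taken from the original post or from deslogin, slirp or dip: each frame carries its own nonce and HMAC tag, so a byte lost on the line costs exactly one frame and the next END byte puts both sides back in sync. The HMAC-SHA256 counter-mode keystream and the sample packets are constructed for this example so it runs on the Python standard library alone.

```python
import hashlib, hmac, os

END, ESC, ESC_END, ESC_ESC = 0xC0, 0xDB, 0xDC, 0xDD      # RFC 1055 SLIP constants
ESCAPES = {END: bytes([ESC, ESC_END]), ESC: bytes([ESC, ESC_ESC])}

def slip_encode(pkt: bytes) -> bytes:
    """Frame one packet: END, body with END/ESC escaped, END."""
    return bytes([END]) + b"".join(ESCAPES.get(b, bytes([b])) for b in pkt) + bytes([END])

def slip_decode(stream: bytes) -> list:
    """Split a byte stream into frames; an END byte always starts a clean frame."""
    frames, cur, esc = [], bytearray(), False
    for b in stream:
        if esc:
            cur.append({ESC_END: END, ESC_ESC: ESC}.get(b, b)); esc = False
        elif b == ESC:
            esc = True
        elif b == END:
            if cur: frames.append(bytes(cur)); cur = bytearray()
        else:
            cur.append(b)
    return frames

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:   # illustrative PRF in CTR mode
    blocks = (hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(-(-n // 32)))
    return b"".join(blocks)[:n]

def seal(key: bytes, pkt: bytes) -> bytes:
    nonce = os.urandom(8)                 # fresh per packet: no state shared across frames
    ct = bytes(a ^ b for a, b in zip(pkt, keystream(key, nonce, len(pkt))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag               # the frame is self-describing: nonce | ct | tag

def unseal(key: bytes, blob: bytes):
    nonce, ct, tag = blob[:8], blob[8:-16], blob[-16:]
    want = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()[:16]
    if len(blob) < 24 or not hmac.compare_digest(tag, want):
        return None                       # damaged frame: discard it and carry on
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

def send_over_lossy_link(key: bytes, packets: list, lose_byte_in: int) -> list:
    """Frame each packet, lose one byte of frame `lose_byte_in` in transit, return what arrives."""
    wire = bytearray()
    for i, p in enumerate(packets):
        frame = slip_encode(seal(key, p))
        if i == lose_byte_in:
            frame = frame[:5] + frame[6:]   # Murphy's Law: a byte dropped mid-frame
        wire += frame
    return [unseal(key, f) for f in slip_decode(wire)]
```

Only the damaged frame comes back as None; the frames on either side of it decrypt normally because nothing in the cipher state depends on what preceded them.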