Tom Rollins <kelso@netcom.com> wrote:
I am interested in encrypting a SLIP link between my PC (running Linux) and my Netcom shell account (running SLIRP).
My question has to do with error conditions on the line. If I drop a character or packet, the two sides will loose crypto sync and result in things scrambled from then on. The modems will fix most of the low level problems. However, Murphy's Law has not been repealed. :)
Are there any standard methods to provide the SYNC between the sender(encryption) and the receiver(decryption) on an Async connection ?
Since Slip uses IP packets, I was planning on an encryption of the data portion of the IP packets (leaving the header alone).
A better approach would be to encrypt the entire IP packets and leave the framing bytes alone. But this is what I do: I use regular unencrypted SLIP (slirp) between here and netcom. Also install copies of slirp in all your other unix accounts, plus your favorite session encryption daemon (deslogin, ctcp, ssh, esm, etc). Then make some script files like this. For this example I use deslogin to establish a secure session with utopia.hacktic.nl. /root/dialup: #!/bin/csh dip /root/netcom.dip /sbin/agetty 38400 ttyqf -l /root/utopiadeslogin & dip /root/utopia.dip /root/utopiadeslogin: #!/bin/csh exec /usr/local/bin/deslogin ghio@utopia.hacktic.nl /root/utopia.dip: port ptyqf wait ogin: 60 send anything\n wait d: 5 send password\n wait ] 5 send \n send exec slirp-0.9o/src/slirp\n get $rmtip 10.0.2.42 get $locip 10.0.2.16 mode CSLIP Add to /etc/hosts: 10.0.2.42 utopia-secure Then I can do: telnet utopia-secure and everything is encrypted. I got deslogin from utopia's anon-ftp dir. A 3DES version would be nice tho. When you want to hangup, use this to kill all of the dip processes: #!/bin/csh ps -ua|grep " pQf "|awk '{print "kill " $2}'|csh ps -ua|grep " pS1 "|awk '{print "kill " $2}'|csh To do this for more hosts, just pick any available IP addresses in 10.0.2.x and a free tty (ttyq* are usually unused).