RE: What email encryption is actually in use?
Tyler Durden[SMTP:camera_lumina@hotmail.com] writes:
"Most of the ones I've seen are IPSEC over IPv4. You might be able to glean some info from packet size, timing, and ordering, but not much. IPSEC takes a plaintext IP packet and treats the whole thing as a data block to be encrypted."
So this would indicate that IPSEC creates a sort of blockage from seeing up to Layers 4/5/6. Now when you say it takes the IP packet, is this just the datagram or is it also the protocol bytes? (I'm assuming the layer-2 information remains intact.) If the protocol bytes are unencrypted, then there's a LOT that can probably be determined about any IP session. If the protocol bytes are encrypted, then this will not be a very flexible session, no? (More of a secure pipe I guess.)
And then, does IPSEC include specification for MPLS? I would assume that the MPLS header information is not encrypted, simply because the headers have no global significance...
It's a pipe. The whole plaintext IP packet, from start to finish, including headers and checksum, gets treated as data, and encrypted. The encrypted packet is the data for a new packet, which goes from one firewall to another (and has only the firewall IP addresses exposed). The packets visible on the outside only tell Eve that firewall A sent firewall B an IPSEC packet of a certain size, with a particular Security Association (i.e., the protocol field says 'this is an IPSEC packet'). A single SA can be used for many, many internal connections. Check the IPSEC RFCs for more info.

Peter Trei
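What an outside observer can read from such a tunnel packet, as an added example that is not part of the original post. It assumes ESP in tunnel mode (RFC 4303) over IPv4; the gateway addresses, SPI, sequence number and payload are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
import struct

ESP = 50                      # IANA protocol number for ESP (RFC 4303)
IPV4_FMT = "!BBHHHBBH4s4s"    # fixed 20-byte IPv4 header

def build_outer_packet(src, dst, spi, seq, opaque):
    """Constructed sample: outer IPv4 header + ESP header + opaque bytes.
    The header checksum is left at 0; it is not needed for this parse."""
    esp = struct.pack("!II", spi, seq) + opaque
    hdr = struct.pack(IPV4_FMT, 0x45, 0, 20 + len(esp), 0, 0, 64, ESP, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + esp

def observer_view(packet):
    """Return only the fields readable without the SA's keys."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _id, _frag, _ttl,
     proto, _csum, src, dst) = struct.unpack(IPV4_FMT, packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    view = {"src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "protocol": proto, "total_len": total_len}
    if proto == ESP:
        if len(packet) < ihl + 8:
            raise ValueError("truncated ESP header")
        # SPI selects the Security Association; sequence number is anti-replay.
        spi, seq = struct.unpack("!II", packet[ihl:ihl + 8])
        # Everything after these 8 bytes (inner IP header, ports, data,
        # padding, integrity value) is ciphertext to the observer.
        view.update(spi=spi, seq=seq, opaque_len=total_len - ihl - 8)
    return view

# Constructed sample: 72 zero bytes stand in for the encrypted inner packet.
SAMPLE = build_outer_packet("192.0.2.1", "198.51.100.1", 0x1000, 7, bytes(72))

if __name__ == "__main__":
    for field, value in observer_view(SAMPLE).items():
        print(f"{field:10} {value}")
```

The inner source and destination addresses, the inner protocol and the ports never appear in the result; many internal connections sharing one SA differ to the observer only in size, timing and sequence number.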