Transport Mode IPSEC

Dan Mahoney, System Admin danm at
Thu Jan 18 08:06:30 UTC 2007

On Wed, 17 Jan 2007, Ted Mittelstaedt wrote:

> Dan,
>   You do realize, don't you, that since both of these hosts are on a switch,
> and are using unicast traffic to communicate with each other, that they
> cannot be sniffed, don't you?

That implies trust of the switch, trust against arp-cache poisoning, and 
the like.  The idea of ipsec is not trusting the wire.

With NIS/NFS known for being this inherently secure, would it get me a 
better answer if I said "with only a single router between them"?



--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
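
The reply's point about ARP-cache poisoning, as an added example that is not part of the original post: a check that compares two snapshots of BSD-style `arp -an` output and flags an IP whose MAC changed or a MAC answering for several IPs. The sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches BSD-style `arp -an` lines, e.g.
# ? (192.0.2.1) at 00:11:22:33:44:55 on em0 expires in 1200 seconds [ethernet]
ARP_LINE = re.compile(
    r"\((?P<ip>[0-9.]+)\) at (?P<mac>(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2})\b", re.I)

def parse_arp(text):
    """Return {ip: mac} from `arp -an` output; incomplete entries are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table

def arp_findings(before, after):
    """Compare two snapshots and return a list of (kind, detail) findings."""
    old, new = parse_arp(before), parse_arp(after)
    findings = []
    # An IP that now resolves to a different MAC than in the earlier snapshot.
    for ip, mac in sorted(new.items()):
        if ip in old and old[ip] != mac:
            findings.append(("mac-changed", f"{ip}: {old[ip]} -> {mac}"))
    # One MAC answering for more than one IP on the segment.
    by_mac = defaultdict(list)
    for ip, mac in new.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("mac-shared", f"{mac} answers for {', '.join(sorted(ips))}"))
    return findings

# Constructed sample snapshots (documentation addresses, made-up MACs).
BEFORE = """\
? (192.0.2.1) at 00:11:22:33:44:55 on em0 expires in 1187 seconds [ethernet]
? (192.0.2.10) at 00:11:22:aa:bb:01 on em0 expires in 1020 seconds [ethernet]
? (192.0.2.20) at 00:11:22:aa:bb:02 on em0 permanent [ethernet]
"""
AFTER = """\
? (192.0.2.1) at 00:11:22:33:44:55 on em0 expires in 1195 seconds [ethernet]
? (192.0.2.10) at 00:11:22:aa:bb:99 on em0 expires in 1199 seconds [ethernet]
? (192.0.2.20) at 00:11:22:aa:bb:02 on em0 permanent [ethernet]
? (192.0.2.30) at 00:11:22:aa:bb:99 on em0 expires in 1199 seconds [ethernet]
? (192.0.2.40) at (incomplete) on em0 [ethernet]
"""

if __name__ == "__main__":
    for kind, detail in arp_findings(BEFORE, AFTER):
        print(kind, detail)
```

A changed or shared MAC can also be legitimate (a replaced NIC, a failover address, a host with aliases), so a finding is a reason to look, not proof of poisoning.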

More information about the freebsd-questions mailing list