[CentOS] Pptp vpn server

Fri Nov 5 12:37:51 UTC 2010
Ben McGinnes <ben at adversary.org>

On 5/11/10 11:29 PM, Les Mikesell wrote:
> On 11/5/10 4:27 AM, Ben McGinnes wrote:
>>
>> I believe this is one of the methods that was looked at to enable
>> ISPs to filter/censor/log SSL connections should the government
>> policies become legislation here.  Except for all outbound
>> connections.  The rest of us call it a MitM (when used for outbound
>> or between third parties, not in your example).
> 
> So if you really want privacy you need to run another layer of
> encryption end to end with an uncommon cipher?

In this kind of scenario, yes.  The SSL/TLS filters aren't uncommon.
Ironport have products that will do it, but they're usually sold to
corporations that want to monitor *all* connections from their
network.

The difference here is that the government were looking at instituting
something similar nationally.  Though it was mentioned in a testing
report from 2008, this part appeared to be silently dropped by the
time of the live pilot in 2009.

I'd have to take another look at the 2008 report, but I'm pretty sure
that none of the software tested in 2007-2008 could filter SSH or
VPNs.  They could be blocked, though, depending on how much effort was
expended.


Regards,
Ben
