Thursday, July 2, 2009

Re: [BLUG] SSH nested tunnels

On Thu, Jul 02, 2009 at 02:51:34PM GMT, Beartooth [beartooth@Beartooth.Info] said the following:
>
> Very Dumb Question : what makes nested tunnels worth such
> an expense? Are they way more secure? Had somebody said it
> couldn't be done? Or what?
>

More secure? I suppose so because if someone managed to decrypt one
stream they'd have another to decrypt. If the attacker can figure out
how many tunnels you nested, and they can break SSH's encryption (very
very very unlikely if not impossible), then you're not really gaining
much because they can keep breaking the levels you create. But if they
don't know that you are nesting the levels, then they may become
confused about what is going on when they break one level and then wind
up with nothing useful.

For me, I was more curious about how much extra overhead was being
used by passing one SSH tunnel within another SSH tunnel, which I've
done before. With just two tunnels, it's actually significant. I can't
be sure that my measurement was right, but from testing pasting a
160-character string (the width of my terminal) into an SSH session to
localhost, over 1 SSH session that turned into 8484 bytes. When I
pasted it into a nested SSH session, it turned into 89612 bytes, or over
10 times as much data. This may be useful for some people to know
because if you are trying to hide your data, generating a lot of
bandwidth might alert someone to what you are doing.

And it's not a dumb question at all because I'll admit that what I did
seems crazy. But I thought, why not, it's easy enough to do, might as
well satisfy curiosity.


--
Mark Krenz
Bloomington Linux Users Group
http://www.bloomingtonlinux.org/
_______________________________________________
BLUG mailing list
BLUG@linuxfan.com
http://mailman.cs.indiana.edu/mailman/listinfo/blug
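The framing cost the message above is curious about, as an added model that is not code from the post or the list: it applies SSH binary-packet framing (RFC 4253 section 6) once per nesting level, so the padded, MAC'd inner packet becomes the next level's payload. Assumed, not measured: AES with 16-byte blocks, hmac-sha1, a 9-byte SSH_MSG_CHANNEL_DATA header per level, 52 bytes of TCP/IP header per segment, and a `chunk_len` for how a paste is delivered; it estimates framing overhead only and does not try to reproduce the numbers quoted above.

```python
# Added model (not from the post): bytes on the wire for nested SSH sessions,
# computed by applying RFC 4253 binary-packet framing once per level.
from dataclasses import dataclass


@dataclass(frozen=True)
class Framing:
    block_size: int = 16   # assumed cipher block size (aes128-cbc / aes128-ctr)
    mac_len: int = 20      # assumed hmac-sha1 tag length
    min_padding: int = 4   # RFC 4253 requires at least 4 bytes of padding
    channel_hdr: int = 9   # SSH_MSG_CHANNEL_DATA: type(1) + channel(4) + length(4)
    tcpip_hdr: int = 52    # assumed IPv4 (20) + TCP with timestamps (32)


def ssh_packet_len(payload_len: int, f: Framing = Framing()) -> int:
    """Size of one SSH binary packet carrying payload_len bytes, MAC included."""
    head = 4 + 1 + payload_len  # packet_length + padding_length + payload
    # smallest padding >= min_padding that makes head + padding a block multiple
    padding = f.min_padding + (-(head + f.min_padding) % f.block_size)
    return head + padding + f.mac_len


def wire_bytes_per_chunk(chunk_len: int, levels: int, f: Framing = Framing()) -> int:
    """Wire bytes for one chunk of application data through `levels` nested sessions.

    Each level wraps the data in a CHANNEL_DATA message and frames it; the whole
    inner packet (padding and MAC included) is the next level's payload.
    """
    if levels < 1:
        raise ValueError("need at least one SSH session")
    size = chunk_len
    for _ in range(levels):
        size = ssh_packet_len(f.channel_hdr + size, f)
    return size + f.tcpip_hdr  # only the outermost session touches the network


def estimate_paste(text_len: int, chunk_len: int, levels: int,
                   echo: bool = True, f: Framing = Framing()) -> int:
    """Total wire bytes to paste text_len characters delivered in chunk_len pieces.

    echo=True also counts the remote terminal echoing every chunk back.
    """
    chunks, rest = divmod(text_len, chunk_len)
    total = chunks * wire_bytes_per_chunk(chunk_len, levels, f)
    if rest:
        total += wire_bytes_per_chunk(rest, levels, f)
    return total * (2 if echo else 1)


def amplification(text_len: int, chunk_len: int, levels: int) -> float:
    """Ratio of wire bytes for `levels` nested sessions versus a single session."""
    return estimate_paste(text_len, chunk_len, levels) / estimate_paste(text_len, chunk_len, 1)
```

Under these assumptions a one-byte chunk costs 104 wire bytes in a single session and 152 through two, so framing alone gives well under 2x per added level; a larger ratio points at how the pasted data is chunked and echoed rather than at the framing itself.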
