Just separate a control channel (current IPs on either end) from the data
channel, a la ISDN. The black box interface looks like the VIPs on a load balancer.
The only time you provide DNS is within your protected network on either end and
only to the VIP. Kind of like the principle of frequency hopping spread
spectrum, change channels frequently enough that the listener can't detect
the signal over background noise. Strong encryption would be applied to the
control channel, as it is lower bandwidth than the data channel.
You don't have to carry the overhead on the data channel.

>Date: Wed, 13 Jun 2001 15:53:49 +0100
>From: "Paul Murphy" <[EMAIL PROTECTED]>
>Subject: Re: Has anyone heard of this?
>
>Yeah, but the packets need to route across the internet.  That suggests a tunnel, with
>guaranteed endpoints.
>
>You could state that this already happens with VPNs, the packets are encapsulated and
>the actual IP addresses are scrambled through encryption.

>>> Vitaly Osipov <[EMAIL PROTECTED]> 6/13/2001 03:02:26 pm >>>

>Probably it's for extranets - linking two networks together with
>synchronized IP changes could make sense...
>
>regards,
>Vitaly.

>Paul Murphy wrote:
>
> Sounds... nonsense.
>
> If you have a service that the outside world needs to connect to, then you have to
> provide a way for that to happen.  A "hacker" can connect by the same mechanism.
>
> If this is intended to make snooping more difficult, which is implied by the article,
> then so what really.  Who sniffs anyway?
>
> >>> "Eric Johnson" <[EMAIL PROTECTED]> 6/13/2001 11:43:03 am >>>
> From <http://news.zdnet.co.uk/story/0,,s2087257,00.html>:
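
The synchronized address changes discussed in this thread, as an added example that is not part of any message above and not the product's actual mechanism: both endpoints derive the current data-channel address from a key agreed over the control channel and the current time slot, and the receiver tolerates one slot of clock skew. The HMAC derivation, the 30-second slot, the 192.0.2.0/24 pool and all function names are assumptions.

```python
import hashlib
import hmac
import ipaddress

SLOT_SECONDS = 30  # assumed hop interval
POOL = ipaddress.ip_network("192.0.2.0/24")  # constructed: documentation range


def hop_address(key, now, pool=POOL, slot_seconds=SLOT_SECONDS):
    """Data-channel address for the time slot containing `now` (Unix seconds)."""
    slot = int(now // slot_seconds)
    digest = hmac.new(key, slot.to_bytes(8, "big"), hashlib.sha256).digest()
    usable = pool.num_addresses - 2  # skip network and broadcast addresses
    offset = 1 + int.from_bytes(digest[:8], "big") % usable
    return pool.network_address + offset


def acceptable_addresses(key, now, skew_slots=1):
    """Addresses a receiver accepts: current slot plus neighbours for clock skew."""
    return {hop_address(key, now + d * SLOT_SECONDS)
            for d in range(-skew_slots, skew_slots + 1)}


def is_expected(key, addr, now, skew_slots=1):
    """True if a packet's destination matches the schedule; otherwise drop and log."""
    return ipaddress.ip_address(addr) in acceptable_addresses(key, now, skew_slots)


if __name__ == "__main__":
    key = b"constructed-demo-key"  # would be exchanged over the encrypted control channel
    start = 992443000.0  # constructed timestamp
    for step in range(4):
        now = start + step * SLOT_SECONDS
        print(int(now), hop_address(key, now))
    late = hop_address(key, start)  # sender's clock is one slot behind
    print(is_expected(key, late, start + SLOT_SECONDS))      # within tolerance
    print(is_expected(key, late, start + 5 * SLOT_SECONDS))  # normally stale
```
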

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
