Comcast & VPN - with NAT Router?]]

Gerald Combs gerald at ethereal.com
Fri Jun 15 19:46:07 CDT 2001


Different VPNs use specific TCP and UDP ports, and protocols.  E.g. PPTP
uses TCP ports 1723 and 47(?), as well as GRE.  IPSec uses TCP port
500(?).  Unless the client and server can agree on different ports,
detecting (and disabling) this traffic is trivial.

This doesn't mean that _all_ VPN traffic can be detected or stopped.  
I've read that you can encapsulate a PPP session over a ssh connection
with a bit of work.  Most providers wouldn't look for this sort of thing.

On Fri, 15 Jun 2001, Brian Densmore wrote:

> Well, if you are using tunneling and encryption, I don't see how they could
> detect it unless they are decrypting packets. And if they don't have the
> public key to unencrypt with how are they unencrypting. And if they have a
> public key that works and it wasn't given to them, where did they get it?
> Hmm, maybe they have some reformed crackers working for them?
> 
> Seriously though, it was my impression that VPN's usually run over an
> encrypted protocol, and, as should be common knowledge, it's a real no-no to
> unencrypt internet traffic that you're not legally entitled to. So the real
> question is, are they trying to unencrypt private and potentially confidential
> and sensitive data. IANAL, but that sounds vewy vewy illegal to me. They put
> script kiddies in jail for things like that.
> 
> > -----Original Message-----
> > From: The Hoelschers [mailto:mohoel at telocity.com]
> > Sent: Friday, June 15, 2001 12:57 PM
> > To: kclug at kclug.org
> > Subject: Comcast & VPN - with NAT Router?]]
> > 
> > 
> > Is it me?  I have sent this (basic) message a couple of times, but not
> > getting it from the list.  I got a dump a little while ago, so thought
> > the list might have been "stuck" for a while, but when a bunch came
> > through, mine was not there....  Again, sorry if this shows up more than
> > once...
> > 
> > ------------------
> > 
> > Sorry if this shows up twice, I never received it on the list....
> > 
> > ----------------
> > 
> > O.K., I know that the "acceptable use" policy says no-go using a VPN
> > client with Comcast "home" cable modem access.  I know if they detect
> > you using a VPN they will cancel/re-assess you as a "business" grade
> > (although the local rep says they don't know how much to charge for that
> > since they aren't officially offering it here yet!).
> > 
> > The question on the table is this;  If I am running Comcast cable as a
> > normal home-use, single dynamic IP user, but I'm using a NAT router
> > between the cable modem and my PC('s), and one of my PC's is using VPN
> > to access the corporate network, is that undetectable?
> > 
> > A guy I know has been doing it three months so is telling everyone that
> > with a NAT router, it's undetectable.  I say it's still detectable,
> > Comcast just hasn't noticed him yet. Who's right?  Does anyone know for
> > sure?
> > 
> > Thanks -
> > 
> > Chris.
> > 
> > -- 
> > Check it out!  Special rates with Qwest!  And No Minimum!
> > http://qwesteferral.com/r.jsp?a=mH.n.Je1IMRfVU541Lz2HA$$&x
> > ======
> > http://www.scrapper4hire.com - Shameless plug for my wife's scrap
> > booking business!
> 
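
The port-and-protocol matching described in the reply at the top of this message, as an added example that is not part of the original thread: a provider-side classifier run over flow records before and after source NAT. The `Flow` record shape, the addresses and the sample flows are constructed for illustration, and the signature values are the IANA-registered ones (PPTP control on TCP 1723, GRE as IP protocol 47, IKE on UDP 500, ESP as IP protocol 50) rather than the tentative numbers in the post.

```python
from collections import namedtuple

# One flow record as a provider would see it (source ports omitted for brevity).
Flow = namedtuple("Flow", "src dst ip_proto dport")

TCP, UDP, GRE, ESP = 6, 17, 47, 50   # IANA IP protocol numbers

# (ip_proto, dst_port or None) -> label; None means the protocol has no ports.
SIGNATURES = {
    (TCP, 1723): "PPTP control",
    (GRE, None): "GRE (PPTP data)",
    (UDP, 500): "IKE (IPsec key exchange)",
    (ESP, None): "ESP (IPsec data)",
}

def classify(flow):
    """Return the VPN label for a flow, or None if no signature matches."""
    port = flow.dport if flow.ip_proto in (TCP, UDP) else None
    return SIGNATURES.get((flow.ip_proto, port))

def nat(flow, public_ip):
    """Model the home router's source NAT: only the source address changes."""
    return flow._replace(src=public_ip)

def vpn_hits(flows):
    """Group matched VPN labels by the source address the observer sees."""
    hits = {}
    for f in flows:
        label = classify(f)
        if label:
            hits.setdefault(f.src, set()).add(label)
    return hits

# Constructed sample: three PCs behind one NAT router.
LAN_FLOWS = [
    Flow("192.168.1.10", "203.0.113.5", TCP, 1723),   # PPTP client
    Flow("192.168.1.10", "203.0.113.5", GRE, None),
    Flow("192.168.1.11", "198.51.100.7", UDP, 500),   # IPsec client
    Flow("192.168.1.11", "198.51.100.7", ESP, None),
    Flow("192.168.1.12", "198.51.100.9", TCP, 22),    # PPP tunnelled over ssh
    Flow("192.168.1.12", "192.0.2.80", TCP, 80),      # ordinary web traffic
]
WAN_FLOWS = [nat(f, "198.51.100.200") for f in LAN_FLOWS]

if __name__ == "__main__":
    for src, labels in vpn_hits(WAN_FLOWS).items():
        print(src, sorted(labels))
```

After NAT every signature still matches, now attributed to the single public address, while the ssh-carried session matches nothing because it looks like any other TCP port 22 connection.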



