HP-UX Reference (11i v3 07/02) - 4 File Formats (vol 8)
p
ppp.Keys(4) ppp.Keys(4)
FE3FF8FFE1FF87
003C00F001C007
1E007800E00380
E1FF87FF1FFC7F
FFC3FF0FFE3FF8
SECURITY CONCERNS
The keys file should be mode 600 or 400, and owned by root.
Packets’ IP headers are not encrypted, though their TCP, UDP, or ICMP headers are encrypted along with
the user data portion. This allows encrypted packets to traverse normal internetworks, but permits snoop-
ers to analyze traffic by its endpoints.
Since the TCP, UDP, or ICMP header is encrypted, protocol-based filters along the packet’s path will be
unable to discern whether it is SMTP, Telnet, or any other network service. This means that encrypted
traffic will only permeate packet-filtering firewalls if the firewall allows all traffic between the endpoints,
regardless of traffic type. HP PPP/SLIP software for HP-UX systems, when deployed as the endpoint gate-
ways of the encrypted traffic, decrypt incoming encrypted traffic before applying their configured packet
filtering rules.
AUTHOR
ppp.Keys was developed by the Progressive Systems.
SEE ALSO
pppd(1), ppp.Auth(4), ppp.Devices(4), ppp.Dialers(4), ppp.Filter(4), ppp.Systems(4).
RFC 792, RFC 1548, RFC 1332, RFC 1334.
322 Hewlett-Packard Company − 2 − HP-UX 11i Version 3: February 2007