Routing Process
• IPtables [32] was used to create rules that associate a label (mark) with a packet. A label also
exists for each topology forwarding table. To bind these two operations, the label associated
with a specific traffic class must be the label of the topology table that should be used for that
traffic class. Linux only allows packets carrying a matching label to look up routes in a routing
table that has a label assigned. All packets can look up routes in tables without an assigned label
(catch-all).
• The main routing table was given a very low priority (a high number). The other routing tables
were given higher priority; their order relative to each other was not important.
• A default black hole entry was configured in each routing table to block traffic to destinations
that had no routing entry in that table. A black hole route is a routing table entry that leads
nowhere: it captured traffic that could not be routed via the other entries in the table and
dropped it. This ensured that only one forwarding table (the one with the correct label) was used
to look up routes to a packet's destination.
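One way to carry out the three steps above on a Linux host, as an added example rather than configuration from the original document; the marks, table ids, rule priorities, the DSCP-based classifier, gateway, device and prefixes are assumed values chosen for illustration:

```shell
#!/bin/sh
# Added example (not from the original document): per-class policy routing
# with fwmark-labelled tables, a low-priority catch-all main table and a
# blackhole default in every class table. All ids/addresses are constructed.
# DRY_RUN=1 (the default) only prints the ip(8)/iptables(8) commands so the
# plan can be reviewed without root; DRY_RUN=0 executes them.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# add_class MARK TABLE PRIORITY DSCP GATEWAY DEVICE PREFIX
#  1. iptables (mangle/PREROUTING) labels forwarded packets of the class
#     with MARK; locally generated traffic would need the OUTPUT chain too.
#  2. An ip rule lets only packets carrying MARK look up TABLE. PRIORITY is
#     a smaller number than the main table's 32766, so TABLE is tried first.
#  3. TABLE gets the class's own route plus a blackhole default, so a
#     destination missing from TABLE is dropped instead of falling through
#     to the main table: exactly one forwarding table decides per packet.
add_class() {
    mark="$1"; table="$2"; prio="$3"; dscp="$4"
    gw="$5"; dev="$6"; prefix="$7"
    run iptables -t mangle -A PREROUTING -m dscp --dscp "$dscp" \
        -j MARK --set-mark "$mark"
    run ip rule add fwmark "$mark" table "$table" priority "$prio"
    run ip route add "$prefix" via "$gw" dev "$dev" table "$table"
    run ip route add blackhole default table "$table"
}

# The main table keeps Linux's default rule priority 32766 (and "default"
# 32767). Neither rule has a fwmark, so every packet may consult them, but
# only after all labelled tables have been tried: the catch-all.

# Example plan: class 1 (DSCP 46) may only reach 198.51.100.0/24 via
# 192.0.2.1; class 2 (DSCP 10) may only reach 203.0.113.0/24 via 192.0.2.2.
plan_example() {
    add_class 1 100 100 46 192.0.2.1 eth0 198.51.100.0/24
    add_class 2 200 200 10 192.0.2.2 eth0 203.0.113.0/24
}

plan_example
```

Run with `DRY_RUN=0` as root to apply the plan; `ip rule show` and `ip route show table 100` then display the resulting rules and the blackhole entry.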
Transfer of Packets
The IP address of the recipient, which is part of the packet header, determines how
the packet is routed. If this address contains the network number of the local network, the
packet goes directly to the host with that IP address. If the network number is not that of the
local network, the packet goes to the router on the local network.
The routers maintain routing information in routing tables. These tables contain the IP
addresses of the hosts and routers on the networks to which the router is connected. The tables
also contain pointers to these networks. When a router receives a packet, it checks its
routing table to determine whether the table lists the destination address in the header. If the
table does not contain the destination address, the router forwards the packet to another router
that is listed in its routing table.
1. Using a VPN connection helps protect confidential network data and resources.
2. A VPN provides convenience and accessibility for remote workers and corporate employees,
who can easily access the main office without being physically present while still
maintaining the security of the private network and its resources.
3. Communication over a VPN connection provides a higher level of security than
other methods of remote communication. Today's advanced technology makes this possible,
thus protecting the private network from unauthorized access.
4. The actual geographic locations of the users are protected and not exposed to public or
shared networks such as the Internet.
5. Adding new users or groups of users to the network is easy because VPNs are very
adaptable. The network can grow without the need for additional new components or
complicated configurations.
Captured Traffic
In the client version of the above-mentioned VPN service, it was observed that once
enabled, the service uses the standard port 443 for HTTPS connections but generally connects to
only one server. All traffic, even traffic to multiple sites, uses the same active connection.
Figure 1 shows the connection details for the current user activity against Hotspot Shield.
Hotspot Shield uses a fake well-known server name in its SSL certificate to bypass any
server-name-based filters on the network, as shown in Figure 2 below.