[Snort-devel] Re: [Snort-users] Signature for IPSec encrypted VPN tunnel

Brian bmc at ...835...
Sat Mar 1 14:14:39 EST 2003


On Fri, Feb 28, 2003 at 01:28:42PM +1100, NTD wrote:
> Does anyone know that how to create a signature for IPSec encrypted VPN tunnel 
> i.e authentication using cryptographic hashes such as SHA and MD5 ? or and IDS 
> currently have that feature?

Well, you can write rules that look for some parts of the protocol.
there is a rather bad rule that looks for PGPNet connections.  When I
get the chance, I plan on writing rules that look for initial
connections of common VPNs and remote admin tools.

-brian




More information about the Snort-devel mailing list