[Snort-devel] Re: [Snort-users] Signature for IPSec encrypted VPN tunnel
bmc at ...835...
Sat Mar 1 14:14:39 EST 2003
On Fri, Feb 28, 2003 at 01:28:42PM +1100, NTD wrote:
> Does anyone know how to create a signature for an IPSec encrypted VPN tunnel,
> i.e. authentication using cryptographic hashes such as SHA and MD5? Or any IDS
> currently have that feature?
Well, you can write rules that look for some parts of the protocol.
There is a rather bad rule that looks for PGPNet connections. When I
get the chance, I plan on writing rules that look for initial
connections of common VPNs and remote admin tools.