[Snort-users] Detecting IPSEC traffic?
zubermensch at ...125...
Tue Nov 20 04:06:04 EST 2001
Is there any way to detect IPSEC ESP traffic (protocol 50) with snort? I
know I can pick up some of this communication by looking for IKE traffic on
udp/500, but not all IPSEC traffic uses IKE.
I basically just want to check for any IPSEC activity and don't really care
about packet decodes. I'm interested in seeing who is attempting
communication to certain resources on my LAN
Thanks a lot for any help you can give!
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
More information about the Snort-users