[Snort-users] Snort with IPSec

Josh Berry josh.berry at ...10221...
Tue Nov 4 09:12:24 EST 2003


Are there any plugins for Snort, or is there any way with Snort, to
decrypt IPSec traffic and then analyze for malicious traffic (given that
Snort has the key to decrypt with)?  Is there any reason this would be
impossible?

Sorry, I do not know enough about IPSec to understand whether this would
be possible or not, but it seems like it would be similar to ettercap's
ability to view SSL traffic when you have the certificate that is being
used.  If you could provide the IDS with the keys, would this be possible?



