[Snort-users] Snort with IPSec

Chris Green cmg at ...1935...
Tue Nov 4 10:26:02 EST 2003


"Josh Berry" <josh.berry at ...10221...> writes:

> Are there any plugins for Snort, or is there any way with Snort, to
> decrypt IPSec traffic and then analyze for malicious traffic (given that
> snort has the key to decrypt with)?  Is there any reason this would be
> impossible?

Packet loss, processing time, and implementation time are the biggies :)

-- 
Chris Green <cmg at ...1935...>
 "Not everyone holds these truths to be self-evident, so we've worked
                  up a proof of them as Appendix A." --  Paul Prescod




More information about the Snort-users mailing list