[Snort-users] Snort with IPSec

Josh Berry josh.berry at ...10221...
Tue Nov 4 11:03:02 EST 2003


I understand the overhead and difficulty.  I just want to know if it is
technically feasible.  The reason I am asking is that one of the directors
where I work is considering implementing site wide IPSec encryption for
every connection on the internal network.  This will make internal attacks
impossible to see, therefore I cannot just sit the IDS behind the VPN
because essentially the whole network will be one big VPN.


> "Josh Berry" <josh.berry at ...10221...> writes:
>
>> Are there any plugins for Snort, or is there any way with Snort, to
>> decrypt IPSec traffic and then analyze for malicious traffic (given that
>> snort has the key to decrypt with)?  Is there any reason this would be
>> impossible?
>
> Packet loss, processing time, and implementation time are the biggies :)
>
> --
> Chris Green <cmg at ...1935...>
>  "Not everyone holds these truths to be self-evident, so we've worked
>                   up a proof of them as Appendix A." --  Paul Prescod
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive?  Does it
> help you create better code?   SHARE THE LOVE, and help us help
> YOU!  Click Here: http://sourceforge.net/donate/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>







More information about the Snort-users mailing list