Snort mailing list archives

L2TP inspection

From: Alexander Peters <axp.snortusers () alexpeters de>
Date: Thu, 02 Dec 2004 15:13:48 +0100

Hi everyone,

I'm looking to inspect unencrypted L2TP packets (i.e. LAC-LNS
traffic).

Now my idea would be to approach this in either 2 ways.

- develop a L2TP preprocessor plugin

or

- have a machine use tcpdump to "clean" the l2tp and feed it
  to a sensor

Any ideas on this?

cheers,

Alex P.



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.

Discover which products truly live up to the hype. Start reading now.http://productguide.itmanagersjournal.com/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort Italian Howto andrea . gasparetto (Dec 02)
- L2TP inspection Alexander Peters (Dec 02)
- L2TP inspection Alexander Peters (Dec 02)
- <Possible follow-ups>
- Re: Snort Italian Howto andrea (Dec 15)