Snort mailing list archives

Re: Signature for IPSec encrypted VPN tunnel

From: Brian <bmc () snort org>
Date: Sat, 1 Mar 2003 16:56:49 -0500

On Fri, Feb 28, 2003 at 01:28:42PM +1100, NTD wrote:

Does anyone know that how to create a signature for IPSec encrypted VPN tunnel 
i.e authentication using cryptographic hashes such as SHA and MD5 ? or and IDS 
currently have that feature?


Well, you can write rules that look for some parts of the protocol.
there is a rather bad rule that looks for PGPNet connections.  When I
get the chance, I plan on writing rules that look for initial
connections of common VPNs and remote admin tools.

-brian


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Signature for IPSec encrypted VPN tunnel NTD (Feb 28)
- Re: Signature for IPSec encrypted VPN tunnel Brian (Mar 01)
- Re: Signature for IPSec encrypted VPN tunnel Matt Kettler (Mar 03)
  - Re: Signature for IPSec encrypted VPN tunnel Brian (Mar 04)