Snort mailing list archives
Snort with IPSec
From: "Josh Berry" <josh.berry () netschematics com>
Date: Tue, 4 Nov 2003 11:11:51 -0600 (CST)
Are there any plugins for Snort, or is there any way with Snort, to decrypt IPSec traffic and then analyze for malicious traffic (given that snort has the key to decrypt with)? Is there any reason this would be impossible? Sorry, I do not know enough about IPSec to understand whether this would be possible or not, but it seems like it would be similar to ettercap's ability to view SSL traffic when you have the certificate that is being used. If you could provide the IDS with the keys, would this be possible? ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort with IPSec Josh Berry (Nov 04)
- Re: Snort with IPSec Chris Green (Nov 04)
- Re: Snort with IPSec Josh Berry (Nov 04)
- Re: Snort with IPSec Frank Knobbe (Nov 04)
- Re: Snort with IPSec Josh Berry (Nov 05)
- Re: Snort with IPSec Ravi Kumar (Nov 05)
- Re: Snort with IPSec Josh Berry (Nov 04)
- Re: Snort with IPSec Chris Green (Nov 04)
- Message not available
- Re: Snort with IPSec Matt Kettler (Nov 04)
- <Possible follow-ups>
- RE: Snort with IPSec O'Flynn, Derek (Nov 04)
- Re: Snort with IPSec Mark . Schutzmann (Nov 04)
- Re: Snort with IPSec Josh Berry (Nov 04)
- Re: Snort with IPSec Jason Haar (Nov 04)
- Re: Snort with IPSec Josh Berry (Nov 04)