Snort mailing list archives
Re: Snort with IPSec
From: Ravi Kumar <ravivsn () roc co in>
Date: 06 Nov 2003 10:54:27 +0530
Hi,

You can't decrypt the packets unless you know the keys IPSec is currently using. With IKE the security gateways exchange keys periodically, as well as after a number of bytes transferred. As the keys change every now and then, you can't decrypt the packets. Moreover, IPSec/IKE uses encryption algorithms like 3DES and AES, which have no history of being broken.

The solutions could be:

- your VPN box and Snort should keep in touch with each other about the keys currently in use.
- OR you run Snort in the LAN behind the security gateway / VPN box.
- If you are using a VPN client on machines, then better run a HIDS on the machine.

If you can make Snort decrypt the packets then it is going to be a big security threat!!

Cheers,
Best Regards,
Ravi
Rendezvous On Chip (i) Pvt Ltd, Hyderabad, INDIA
http://www.roc.co.in
iSecure - A complete security gateway device.

On Wed, 2003-11-05 at 11:51, Frank Knobbe wrote:
> On Tue, 2003-11-04 at 13:02, Josh Berry wrote:
> > I understand the overhead and difficulty. I just want to know if it is technically feasible. The reason I am asking is that one of the directors where I work is considering implementing site-wide IPSec encryption for every connection on the internal network. This will make internal attacks impossible to see, therefore I cannot just sit the IDS behind the VPN because essentially the whole network will be one big VPN.
>
> What is the reason/business case behind this? Do the benefits you gain really outweigh the drawbacks?
>
> Curious,
> Frank
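Added example (not from the original post, the thread, or the Snort project): a standard-library Python sketch of what a passive sensor can still do with ESP (IP protocol 50) traffic when it does not hold the SA keys, which is the situation Ravi describes. Everything after the 8-byte ESP header (SPI and sequence number, RFC 4303) is opaque, so the only inspection possible is per-SPI bookkeeping: byte counts and an anti-replay window check on the cleartext sequence number. The packet bytes, SPI values and the `opaque` payload standing in for IV + ciphertext + ICV are constructed for the demo; all names are my own. Actual decryption with shared keys (the first option in the post) is deliberately not shown, since it needs the SA's key material and a cipher library.

```python
"""What an IDS without the IPsec keys can see in ESP: SPI, sequence number, size.
Constructed demo; not Snort code."""
import struct
from collections import defaultdict

# RFC 4303 ESP header: 32-bit SPI, 32-bit sequence number, both network order.
ESP_HDR = struct.Struct("!II")


def parse_esp(packet: bytes):
    """Return (spi, seq, opaque_len). Only the header is readable without keys;
    the rest (IV + ciphertext + padding + ICV) is opaque to the sensor."""
    if len(packet) < ESP_HDR.size:
        raise ValueError("too short to be ESP")
    spi, seq = ESP_HDR.unpack_from(packet)
    return spi, seq, len(packet) - ESP_HDR.size


class EspFlowTracker:
    """Per-SPI bookkeeping on cleartext fields: byte volume and a sliding
    anti-replay window (the same check an IPsec receiver performs)."""

    def __init__(self, window: int = 64):
        self.window = window
        self.highest = {}                 # spi -> highest sequence seen
        self.seen = defaultdict(set)      # spi -> sequence numbers inside the window
        self.bytes = defaultdict(int)     # spi -> opaque bytes observed

    def observe(self, spi: int, seq: int, opaque_len: int) -> str:
        """Classify one packet as 'new', 'replay' (seen inside the window)
        or 'stale' (below the window)."""
        self.bytes[spi] += opaque_len
        top = self.highest.get(spi)
        seen = self.seen[spi]
        if top is None or seq > top:
            # Slide the window forward and forget sequence numbers that fall out.
            self.highest[spi] = seq
            seen.add(seq)
            lower = seq - self.window + 1
            self.seen[spi] = {s for s in seen if s >= lower}
            return "new"
        if seq <= top - self.window:
            return "stale"
        if seq in seen:
            return "replay"
        seen.add(seq)
        return "new"


def build_esp(spi: int, seq: int, opaque: bytes) -> bytes:
    """Constructed ESP packet: header plus a stand-in for the encrypted body."""
    return ESP_HDR.pack(spi, seq) + opaque


# Constructed sample capture: one SA replays sequence 2, a second SA sends one packet.
OPAQUE = bytes(range(48))   # stands in for IV + ciphertext + ICV; content is meaningless
SAMPLE_PACKETS = [
    build_esp(0xC0FFEE01, 1, OPAQUE),
    build_esp(0xC0FFEE01, 2, OPAQUE),
    build_esp(0xC0FFEE01, 3, OPAQUE),
    build_esp(0xC0FFEE01, 2, OPAQUE),   # replayed copy of an earlier packet
    build_esp(0xC0FFEE01, 4, OPAQUE),
    build_esp(0x0000BEEF, 1, OPAQUE),
]


def analyse(packets):
    """Run the tracker over a capture; return per-packet verdicts and per-SPI byte totals."""
    tracker = EspFlowTracker()
    verdicts = []
    for pkt in packets:
        spi, seq, n = parse_esp(pkt)
        verdicts.append((spi, seq, tracker.observe(spi, seq, n)))
    return verdicts, dict(tracker.bytes)


if __name__ == "__main__":
    verdicts, totals = analyse(SAMPLE_PACKETS)
    for spi, seq, verdict in verdicts:
        print(f"SPI 0x{spi:08x} seq {seq:<3} {verdict}")
    for spi, n in totals.items():
        print(f"SPI 0x{spi:08x}: {n} opaque bytes, payload not inspectable")
```

The replay verdict is the one signature-free finding a sensor can make on ESP without keys; everything about the inner packet (ports, payload, the "internal attacks" Josh is worried about) is invisible, which is exactly why the post recommends placing Snort behind the gateway or on the host.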
Current thread:
- Snort with IPSec Josh Berry (Nov 04)
- Re: Snort with IPSec Chris Green (Nov 04)
- Re: Snort with IPSec Josh Berry (Nov 04)
- Re: Snort with IPSec Frank Knobbe (Nov 04)
- Re: Snort with IPSec Josh Berry (Nov 05)
- Re: Snort with IPSec Ravi Kumar (Nov 05)
- Re: Snort with IPSec Josh Berry (Nov 04)
- Re: Snort with IPSec Chris Green (Nov 04)
- Re: Snort with IPSec Matt Kettler (Nov 04)
- RE: Snort with IPSec O'Flynn, Derek (Nov 04)
- Re: Snort with IPSec Mark . Schutzmann (Nov 04)
- Re: Snort with IPSec Josh Berry (Nov 04)
- Re: Snort with IPSec Jason Haar (Nov 04)
- Re: Snort with IPSec Josh Berry (Nov 04)