IDS mailing list archives
IDS on VPN-GW
From: counter.spy () gmx de
Date: Fri, 29 Nov 2002 10:19:50 +0100 (MET)
Hi folks,

I have recently tested Snort on a VPN gateway that runs on Linux (just for testing purposes, no production server). This might be of use if the gateway connects to another gateway, so that traffic on both the inside and outside interfaces is encrypted.

The VPN software inserts an IPsec layer beneath the normal IP stack and thus provides a new interface that you can sniff off, e.g. with tcpdump, just like sniffing on eth0 or another interface. When sniffing on the logical interface of the VPN software, the IDS sees all original, unencrypted IP datagrams.

Of course this practice will impact server performance and does not scale well when load balancing over several machines.

Has anybody deployed such a configuration on a production server? I would like to know if such a configuration could be handled in real life. Any experiences, suggestions, ideas...?

Thanks,
counterspy

--
+++ GMX - Mail, Messaging & more http://www.gmx.net +++
NEW: Go online with GMX. Surf around the clock for 1 ct/min!
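The difference the post describes, an IDS on the outer interface seeing only ESP headers while the same datagram on the logical IPsec interface is fully inspectable, shown with constructed packets. This is an added example, not code from the post or from Snort; the interface names eth0/ipsec0, the addresses, the SPI and the FTP login are all assumed sample values, and the "ciphertext" is a constructed stand-in rather than real encryption:

```python
"""
What a sniffer sees on the two interfaces of an IPsec gateway.
Outer (eth0): IPv4 + ESP header, then opaque ciphertext.
Inner (ipsec0, assumed name): the original plaintext IPv4/TCP datagram.
All packets below are constructed for illustration.
"""
import socket
import struct

IPPROTO_TCP = 6
IPPROTO_ESP = 50


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header (returns 0 for a valid header)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    csum = ipv4_checksum(hdr)
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + payload


def build_tcp(sport: int, dport: int, data: bytes) -> bytes:
    """TCP segment with a 20-byte header; TCP checksum left zero (not checked here)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + data


def build_esp(spi: int, seq: int, ciphertext: bytes) -> bytes:
    """ESP: only SPI and sequence number are readable; the rest is encrypted."""
    return struct.pack("!II", spi, seq) + ciphertext


def inspect(pkt: bytes) -> dict:
    """Decode one IPv4 datagram as far as a passive sniffer can."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    payload = pkt[ihl:]
    if proto == IPPROTO_ESP:
        spi, seq = struct.unpack("!II", payload[:8])
        # Outer view: no application data is available for content matching.
        return {"proto": "ESP", "src": src, "dst": dst, "spi": spi, "seq": seq,
                "app_data": None}
    if proto == IPPROTO_TCP:
        sport, dport = struct.unpack("!HH", payload[:4])
        data_off = (payload[12] >> 4) * 4
        # Inner view: ports and application payload are all visible.
        return {"proto": "TCP", "src": src, "dst": dst, "sport": sport,
                "dport": dport, "app_data": payload[data_off:]}
    return {"proto": proto, "src": src, "dst": dst, "app_data": None}


def signature_matches(pkt: bytes, content: bytes) -> bool:
    """Snort-style 'content' match; can only succeed when plaintext is visible."""
    app = inspect(pkt)["app_data"]
    return app is not None and content in app


# Constructed stand-in for encrypted bytes (a real gateway would encrypt INNER_PKT).
CIPHERTEXT = bytes((i * 37 + 11) & 0xFF for i in range(48))

# Constructed sample: a cleartext FTP login between two hosts behind the gateways.
FTP_LOGIN = b"USER admin\r\nPASS hunter2\r\n"
INNER_PKT = build_ipv4("10.1.0.5", "10.2.0.7", IPPROTO_TCP, build_tcp(40000, 21, FTP_LOGIN))
# The same datagram as it leaves eth0, tunnelled in ESP between the gateway addresses.
OUTER_PKT = build_ipv4("192.0.2.1", "198.51.100.1", IPPROTO_ESP,
                       build_esp(0x1234ABCD, 17, CIPHERTEXT))

# Policy rule: flag cleartext passwords crossing the tunnel.
SIGNATURE = b"PASS "

if __name__ == "__main__":
    for iface, pkt in (("eth0 (outer)", OUTER_PKT), ("ipsec0 (inner)", INNER_PKT)):
        print(iface, inspect(pkt), "match:", signature_matches(pkt, SIGNATURE))
```

Running it shows the outer view reduced to gateway addresses, SPI and sequence number, while the inner view exposes ports and payload, which is why the content rule fires only on the logical interface.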