Snort mailing list archives
Re: Snort with IPSec
From: "Josh Berry" <josh.berry () netschematics com>
Date: Tue, 4 Nov 2003 14:27:02 -0600 (CST)
Yes, we would be implementing IPSec all the way down to ALL desktops and servers. All network communication would be through IPSec.
Josh,

Will you be implementing IPSec VPN all the way down to the desktop/server level or will you be using a concentrator/router/firewall device? If you are using one of these devices, you will have unencrypted traffic on the LAN side where you will be able to place a Snort sensor. I suspect that only the WAN side will be encrypted. Depending on the device, you could, in theory, place a sensor in-line, but... (see Chris' comment)

Regards,
Mark

"Josh Berry" <josh.berry () netschematics com>
Sent by: snort-users-admin () lists sourceforge.net
11/04/2003 01:02 PM
To: snort-users () lists sourceforge net
cc: "Josh Berry" <josh.berry () netschematics com>, snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort with IPSec

I understand the overhead and difficulty. I just want to know if it is technically feasible. The reason I am asking is that one of the directors where I work is considering implementing site wide IPSec encryption for every connection on the internal network. This will make internal attacks impossible to see, therefore I cannot just sit the IDS behind the VPN because essentially the whole network will be one big VPN.

"Josh Berry" <josh.berry () netschematics com> writes:

Are there any plugins for Snort, or is there any way with Snort, to decrypt IPSec traffic and then analyze for malicious traffic (given that snort has the key to decrypt with)? Is there any reason this would be impossible?

Packet loss, processing time, and implementation time are the biggies :)

--
Chris Green <cmg () sourcefire com>
"Not everyone holds these truths to be self-evident, so we've worked up a proof of them as Appendix A." -- Paul Prescod

-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU!
Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
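What a sensor holding no keys can read in the site-wide IPSec scenario discussed in this thread, shown as an added example that is not part of the original messages and is not Snort code. It goes slightly beyond the thread by contrasting ESP with AH, which authenticates without encrypting; `sensor_view`, `content_rule_can_match`, `ipv4` and all sample packets are constructed for illustration.

```python
import hashlib
import struct

PROTO_ESP, PROTO_AH = 50, 51  # IANA IP protocol numbers

def sensor_view(packet: bytes) -> dict:
    """What a passive sensor holding no keys can read from one IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, body = packet[9], packet[ihl:]
    view = {"proto": proto, "payload": body}
    if proto == PROTO_ESP:
        if len(body) < 8:
            raise ValueError("truncated ESP header")
        spi, seq = struct.unpack("!II", body[:8])
        # After SPI and sequence number come ciphertext and the ICV: the inner
        # protocol, ports and data are unavailable to content rules.
        view.update(spi=spi, seq=seq, payload=None, opaque_bytes=len(body) - 8)
    elif proto == PROTO_AH:
        if len(body) < 12:
            raise ValueError("truncated AH header")
        nxt, plen, _, spi, seq = struct.unpack("!BBHII", body[:12])
        # AH authenticates but does not encrypt; the payload stays readable.
        view.update(spi=spi, seq=seq, inner_proto=nxt, payload=body[(plen + 2) * 4:])
    return view

def content_rule_can_match(packet: bytes, pattern: bytes) -> bool:
    """True if a byte-pattern rule could fire on this packet as seen on the wire."""
    payload = sensor_view(packet)["payload"]
    return payload is not None and pattern in payload

def ipv4(proto: int, body: bytes) -> bytes:
    """Constructed sample packet, 10.0.0.5 -> 10.0.0.9 (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto,
                       0, bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9])) + body

# Constructed samples: the same marker sent in clear, under AH, and under ESP.
DATA = struct.pack("!HHHH", 40000, 9999, 8 + 11, 0) + b"TEST-MARKER"
CLEAR = ipv4(17, DATA)
AH = ipv4(PROTO_AH, struct.pack("!BBHII", 17, 4, 0, 0x2002, 3) + bytes(12) + DATA)
# SHA-256 output is a stand-in for ciphertext here; no real encryption is done.
ESP = ipv4(PROTO_ESP, struct.pack("!II", 0x1001, 7) + hashlib.sha256(DATA).digest())

if __name__ == "__main__":
    for name, pkt in (("clear", CLEAR), ("AH", AH), ("ESP", ESP)):
        print(name, content_rule_can_match(pkt, b"TEST-MARKER"), sensor_view(pkt))
```

Under ESP the sensor is left with addresses, SPI, sequence numbers and packet sizes, so only flow-level detection remains unless traffic is inspected at an endpoint or after decryption.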
Current thread:
- Snort with IPSec Josh Berry (Nov 04)
- Re: Snort with IPSec Chris Green (Nov 04)
- Re: Snort with IPSec Josh Berry (Nov 04)
- Re: Snort with IPSec Frank Knobbe (Nov 04)
- Re: Snort with IPSec Josh Berry (Nov 05)
- Re: Snort with IPSec Ravi Kumar (Nov 05)
- Re: Snort with IPSec Josh Berry (Nov 04)
- Re: Snort with IPSec Chris Green (Nov 04)
- Message not available
- Re: Snort with IPSec Matt Kettler (Nov 04)
- <Possible follow-ups>
- RE: Snort with IPSec O'Flynn, Derek (Nov 04)
- Re: Snort with IPSec Mark . Schutzmann (Nov 04)
- Re: Snort with IPSec Josh Berry (Nov 04)
- Re: Snort with IPSec Jason Haar (Nov 04)
- Re: Snort with IPSec Josh Berry (Nov 04)