[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Isakmp and Snort?

To: "Jack" <jack_xiao99@hotmail.com>
Subject: Re: Isakmp and Snort?
From: Bob Beck <beck@bofh.ucs.ualberta.ca>
Date: Thu, 24 May 2001 12:58:27 -0600
Cc: tech@openbsd.org

	What's the point of looking at the EH or ASP packets in Snort?
all you're going to be looking at is encrypted data frames. Far better
to look at the decrypted side by snorting the inside interface so that
perhaps you can notice anything evil travelling through the gateway.

	-Bob

References:
- Isakmp and Snort?
  - From: "Jack" <jack_xiao99@hotmail.com>

Prev by Date: Re: Isakmp and Snort?
Next by Date: Re: tunnel of isakmp
Prev by thread: Re: Isakmp and Snort?
Next by thread: tunnel of isakmp
Index(es):
- Date
- Thread