OK, you guys are now in Smoking Crack Land. ;)

You could include the NIDS in the loop just by making it an IPSec gateway
and having each end negotiate separate IPSec tunnels with the NIDS and look
at the traffic as it got routed between tunnel interfaces. Snort and S/Wan
should do fine.

That would be crazy, though, because the correct way to do it is just to put
the NIDS somewhere before the encryption boundary.

You could also use a separately negotiated SSH (or something) link between
the IPSec gateway and the NIDS to feed the NIDS all the IPSec session keys
once they were negotiated. Sort of like real-time escrow.

That would be INSANE, though, because it puts hooks into the protocol that
really _really_ shouldn't be there.

You can't just MitM an IPSec connection with dsniff and arpspoof, if that's
what you're thinking.

Cheers,

--
Ben Nagy
Network Security Specialist
Marconi Services Australia Pty Ltd
Mb: +61 414 411 520  PGP Key ID: 0x1A86E304 

> -----Original Message-----
> From: Michael Jinks [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, June 07, 2001 7:33 AM
> To: Jose Nazario
> Cc: [EMAIL PROTECTED]
> Subject: Re: Encryption vs. inspection.
> 
> 
> Jose Nazario wrote:
> 
> > 
> > alternatively, and i haven't seen this done, include the NIDS in the
> > crypto negotiation via some secure key passing mechanism
> 
> 
> might dsniff or one of its components fit well here?
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 
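As an added example that is not part of this thread or either poster's code, the Python sketch below of a tiny signature matcher shows why the placement advice above matters: the same TCP segment inspected before the IPsec gateway yields a signature hit, while the ESP packet the gateway emits exposes only the SPI and sequence number, so a sensor placed behind the encryption boundary can record the flow but cannot inspect it. The packet bytes, addresses, signature pattern and the stand-in "ciphertext" (a byte-wise XOR, not real ESP encryption) are all constructed for the demo.

```python
import socket
import struct

IPPROTO_TCP = 6
IPPROTO_ESP = 50


def build_ipv4(proto, src, dst, body):
    """Minimal IPv4 header (no options, checksum left zero) in front of body."""
    total_len = 20 + len(body)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + body


def build_tcp(sport, dport, payload):
    """Minimal 20-byte TCP header (data offset 5, PSH|ACK) followed by payload."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return hdr + payload


def build_esp(spi, seq, ciphertext):
    """ESP header (SPI, sequence number) followed by the opaque body."""
    return struct.pack("!II", spi, seq) + ciphertext


def parse_ipv4(pkt):
    """Return (protocol, src, dst, upper-layer bytes) for an IPv4 packet."""
    (ver_ihl, _tos, total_len, _ident, _ff, _ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    return proto, socket.inet_ntoa(src), socket.inet_ntoa(dst), pkt[ihl:total_len]


def inspect(pkt, signatures):
    """What a content-matching NIDS can conclude from one packet at its vantage point."""
    proto, src, dst, body = parse_ipv4(pkt)
    flow = f"{src} -> {dst}"
    if proto == IPPROTO_ESP:
        # Only the SPI and sequence number are visible; the payload is opaque.
        spi, seq = struct.unpack("!II", body[:8])
        return {"flow": flow, "proto": "ESP", "spi": spi, "seq": seq,
                "verdict": "opaque", "hits": []}
    if proto == IPPROTO_TCP:
        data_off = (body[12] >> 4) * 4
        payload = body[data_off:]
        hits = sorted(name for name, pat in signatures.items() if pat in payload)
        return {"flow": flow, "proto": "TCP",
                "verdict": "alert" if hits else "clean", "hits": hits}
    return {"flow": flow, "proto": str(proto), "verdict": "unknown", "hits": []}


# Constructed signature set: one byte pattern the sensor should flag.
SIGNATURES = {"constructed-test-sig": b"NIDS-TEST-PATTERN"}


def sample_packets():
    """Constructed packets: the plaintext segment, and its ESP-wrapped form."""
    # Packet as seen before the encryption boundary (inside the protected network).
    inner = build_ipv4(IPPROTO_TCP, "10.0.0.5", "10.0.1.7",
                       build_tcp(40000, 80,
                                 b"GET /index.html?q=NIDS-TEST-PATTERN HTTP/1.0\r\n\r\n"))
    # Packet as seen after the gateway: a stand-in for ESP ciphertext (XOR, not
    # real encryption) so that no plaintext pattern survives.
    opaque = bytes(b ^ 0xA5 for b in inner)
    outer = build_ipv4(IPPROTO_ESP, "203.0.113.1", "198.51.100.2",
                       build_esp(0x00001234, 7, opaque))
    return inner, outer


def demo():
    """Inspect both packets; returns (before-boundary result, after-boundary result)."""
    inner, outer = sample_packets()
    return inspect(inner, SIGNATURES), inspect(outer, SIGNATURES)


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Running `demo()` shows the contrast in one place: the sensor on the plaintext side reports `alert` with the signature name, while the sensor on the ESP side reports `opaque` with only the outer addresses, SPI and sequence number, which is the most a gateway-external NIDS can log without the session keys.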