Register a domain and help support LQ
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 09-11-2007, 09:23 AM   #1
LQ Newbie
Registered: Sep 2007
Posts: 1

Rep: Reputation: 0
IDS/IPS for detecting/preventing unauthorized VPN or encrypted traffic. Maybe SNORT?

Here's my not so theoretical scenario: A day-one Trojan horse attack where the attacker sets up a secure connection back to himself using a well known trusted port, such as 80 21 443. Or for instance, if a malicious user takes advantage of an open source tool such as openvpn to secure and route a connection out through a trusted port from within the company, effectively making all security mitigations useless.

Is there any way that either snort or some other product could detect an initializing secure connection whether it be SSL/TLS or IPSEC? I realize that once the connection is established it becomes very difficult to find, that's my problem.

My main question: Is there any way to detect the exchange of public keys and log who's doing it?

Thanks in advanced!


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
developing an ids using snort chax Linux - Security 1 01-10-2006 01:20 PM
developing an ids using snort chax Linux - Networking 1 01-10-2006 12:51 PM
IDS and IPS in Linux sharma_arpit Linux - Networking 2 10-11-2005 01:07 AM
Snort/ACID as an IDS WeNdeL Linux - Security 4 09-10-2004 01:14 PM
snort (ids) not working please help!!! crealkillerI75 Slackware 5 07-18-2002 04:39 PM

All times are GMT -5. The time now is 03:17 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration