LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 09-11-2007, 09:23 AM   #1
sipecup
LQ Newbie
 
Registered: Sep 2007
Posts: 1

Rep: Reputation: 0
IDS/IPS for detecting/preventing unauthorized VPN or encrypted traffic. Maybe SNORT?


Here's my not so theoretical scenario: A day-one Trojan horse attack where the attacker sets up a secure connection back to himself using a well known trusted port, such as 80 21 443. Or for instance, if a malicious user takes advantage of an open source tool such as openvpn to secure and route a connection out through a trusted port from within the company, effectively making all security mitigations useless.

Is there any way that either snort or some other product could detect an initializing secure connection whether it be SSL/TLS or IPSEC? I realize that once the connection is established it becomes very difficult to find, that's my problem.

My main question: Is there any way to detect the exchange of public keys and log who's doing it?

Thanks in advanced!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
developing an ids using snort chax Linux - Security 1 01-10-2006 01:20 PM
developing an ids using snort chax Linux - Networking 1 01-10-2006 12:51 PM
IDS and IPS in Linux sharma_arpit Linux - Networking 2 10-11-2005 01:07 AM
Snort/ACID as an IDS WeNdeL Linux - Security 4 09-10-2004 01:14 PM
snort (ids) not working please help!!! crealkillerI75 Slackware 5 07-18-2002 04:39 PM


All times are GMT -5. The time now is 12:13 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration