nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

GRE Tunnels and intrusion detection/prevention

liven

By default GRE is not encrypted correct?

Even so it is encapsulated correct?

So how does this effect Gre tunnels passing through an IDS/IPS sensor?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

liven

anyone anyone?

Sie

liven wrote:

By default GRE is not encrypted correct?

Correct

liven wrote:

Even so it is encapsulated correct?

Correct

liven wrote:

So how does this effect GRE tunnels passing through an IDS/IPS sensor?

I believe it really depends on the IDS/IPS ability to decode the GRE packet to access the encapsulated data.

darkuser

that shouldnt be a problem

ssl / ipsec is though ....

liven

THANKS FELLAS!!!

I don't have time to lab this up and try it for my self.

But some folks where I work are arguing about it big time....

Just wanted to see if anyone has done it and can attest that it will work.

Ahriakin

Sie wrote:

I believe it really depends on the IDS/IPS ability to decode the GRE packet to access the encapsulated data.

Yup, encrypted or not the data still needs to be either deep-analysed in place by something that understand GRE encapsulation or completely decapsulated as it entersm processed and then re-encapsulated as it leaves. I haven't checked other vendors but Sourcefire claim they can handle it http://investor.sourcefire.com/phoenix.zhtml?c=204582&p=irol-newsArticle&ID=1132604&highlight= about midway down.