GRE Tunnels and intrusion detection/prevention
By default GRE is not encrypted correct?
Even so it is encapsulated correct?
So how does this effect Gre tunnels passing through an IDS/IPS sensor?
Even so it is encapsulated correct?
So how does this effect Gre tunnels passing through an IDS/IPS sensor?
encrypt the encryption, never mind my brain hurts.
Comments
-
Sie
Member Posts: 1,195
liven wrote:By default GRE is not encrypted correct?
Correctliven wrote:Even so it is encapsulated correct?
Correctliven wrote:So how does this effect GRE tunnels passing through an IDS/IPS sensor?
I believe it really depends on the IDS/IPS ability to decode the GRE packet to access the encapsulated data.Foolproof systems don't take into account the ingenuity of fools -
liven
Member Posts: 918
THANKS FELLAS!!!
I don't have time to lab this up and try it for my self.
But some folks where I work are arguing about it big time....
Just wanted to see if anyone has done it and can attest that it will work.encrypt the encryption, never mind my brain hurts. -
Ahriakin
Member Posts: 1,799 ■■■■■■■■□□
Sie wrote:I believe it really depends on the IDS/IPS ability to decode the GRE packet to access the encapsulated data.
Yup, encrypted or not the data still needs to be either deep-analysed in place by something that understand GRE encapsulation or completely decapsulated as it entersm processed and then re-encapsulated as it leaves. I haven't checked other vendors but Sourcefire claim they can handle it http://investor.sourcefire.com/phoenix.zhtml?c=204582&p=irol-newsArticle&ID=1132604&highlight= about midway down.We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?