GRE Tunnels and intrusion detection/prevention

liven Member Posts: 918
By default GRE is not encrypted, correct?

Even so, it is encapsulated, correct?

So how does this affect GRE tunnels passing through an IDS/IPS sensor?
encrypt the encryption, never mind my brain hurts.

Comments

  • liven Member Posts: 918
    Anyone? Anyone?
    encrypt the encryption, never mind my brain hurts.
  • Sie Member Posts: 1,195
    liven wrote:
    By default GRE is not encrypted, correct?

    Correct
    liven wrote:
    Even so, it is encapsulated, correct?

    Correct
    liven wrote:
    So how does this affect GRE tunnels passing through an IDS/IPS sensor?

    I believe it really depends on the IDS/IPS ability to decode the GRE packet to access the encapsulated data.
    Foolproof systems don't take into account the ingenuity of fools
  • darkuser Member Posts: 620
    that shouldn't be a problem

    ssl / ipsec is though ....
    rm -rf /
  • liven Member Posts: 918
    THANKS FELLAS!!!

    I don't have time to lab this up and try it for myself.

    But some folks where I work are arguing about it big time....

    Just wanted to see if anyone has done it and can attest that it will work.
    encrypt the encryption, never mind my brain hurts.
  • Ahriakin SupremeNetworkOverlord Member Posts: 1,799
    Sie wrote:
    I believe it really depends on the IDS/IPS ability to decode the GRE packet to access the encapsulated data.

    Yup, encrypted or not, the data still needs to be either deep-analysed in place by something that understands GRE encapsulation or completely decapsulated as it enters, processed and then re-encapsulated as it leaves. I haven't checked other vendors but Sourcefire claim they can handle it http://investor.sourcefire.com/phoenix.zhtml?c=204582&p=irol-newsArticle&ID=1132604&highlight= about midway down.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
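
The decapsulation step the replies describe, as an added example that is not part of the original thread or any vendor's code: it strips the outer IPv4 and GRE headers (RFC 2784/2890 layout) so the inner packet is available for inspection. The function names, addresses and sample packet are constructed for illustration; fragmentation, RFC 1701 routing and PPTP's GRE version 1 are not handled.

```python
import struct

GRE = 47  # IP protocol number for GRE

def decap_gre(pkt: bytes):
    """Return (ethertype, inner bytes) for an IPv4/GRE packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != GRE:
        return None
    off = (pkt[0] & 0x0F) * 4                  # outer IPv4 header length
    if len(pkt) < off + 4:
        return None
    flags, ethertype = struct.unpack("!HH", pkt[off:off + 4])
    if flags & 0x0007 or flags & 0x4000:       # non-zero version, or RFC 1701 routing
        return None                            # not handled in this sketch
    off += 4
    for bit in (0x8000, 0x2000, 0x1000):       # checksum, key, sequence: 4 bytes each
        if flags & bit:
            off += 4
    return (ethertype, pkt[off:]) if off <= len(pkt) else None

def inner_summary(pkt: bytes):
    """What a GRE-aware sensor can inspect: the inner IPv4 header and payload."""
    res = decap_gre(pkt)
    if res is None or res[0] != 0x0800 or len(res[1]) < 20:
        return None
    inner = res[1]
    ihl = (inner[0] & 0x0F) * 4
    return {"src": ".".join(map(str, inner[12:16])),
            "dst": ".".join(map(str, inner[16:20])),
            "proto": inner[9], "payload": inner[ihl:]}

def _ipv4(src, dst, proto, payload):
    # Constructed sample header; checksum left at 0 and not validated above.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, bytes(src), bytes(dst)) + payload

# Constructed sample: inner UDP datagram inside GRE (key present) inside outer IPv4.
DATA = b"constructed-cleartext-payload"
UDP = struct.pack("!HHHH", 40000, 53, 8 + len(DATA), 0) + DATA
INNER = _ipv4((10, 0, 0, 1), (10, 0, 0, 2), 17, UDP)
SAMPLE = _ipv4((192, 0, 2, 1), (198, 51, 100, 1), GRE,
               struct.pack("!HHI", 0x2000, 0x0800, 42) + INNER)

if __name__ == "__main__":
    print(inner_summary(SAMPLE))
```

A sensor that only looks at the outer header sees protocol 47 between the tunnel endpoints; the inner addresses and payload become visible only after this decode.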