RE: IPSec and IDS

From: Muhammad Faisal Rauf Danka (
Date: 08/13/02

Date: Mon, 12 Aug 2002 16:50:46 -0700 (PDT)
From: Muhammad Faisal Rauf Danka <>

It depends on whether the IDS is a HIDS or a NIDS, since Tripwire and AIDE won't have any problems with IPSec.

Mostly IPSec is implemented gateway to gateway, so placing your NIDS on
a gateway, e.g. (NAT + proxy gateway after the router (gateway)), through
which un-encrypted traffic passes, is an option.

Or you could just ignore the signatures, and rely on the source and destination addresses and ports of packets for intrusion/scanning patterns.

Besides, why let untrusted people communicate through your VPN?

Muhammad Faisal Rauf Danka

Head of GemSEC / Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
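
The address-and-port approach mentioned in the message above, as an added example that is not part of the original post: a sliding-window detector that flags scanning patterns from header fields only, never payload signatures. The flow records, window and thresholds are constructed assumptions, and the sketch presumes the sensor sits where addresses and ports are readable.

```python
from collections import defaultdict, deque

# Constructed flow records: (timestamp_s, src_ip, dst_ip, dst_port).
# Only header fields are used; payloads are never inspected.
SAMPLE_FLOWS = (
    # one source, one destination, many ports
    [(i * 0.2, "10.0.0.5", "192.168.1.10", 20 + i) for i in range(30)]
    # one source, many destinations, same port
    + [(10 + i * 0.5, "10.0.0.9", f"192.168.1.{i + 1}", 22) for i in range(25)]
    # ordinary client repeatedly using one service
    + [(i * 3.0, "10.0.0.7", "192.168.1.20", 443) for i in range(15)]
)

def detect_scans(flows, window=60.0, port_threshold=20, host_threshold=20):
    """Return {src: {'vertical', 'horizontal'}} for sources that look like scanners.

    vertical   = many distinct ports on a single destination within the window
    horizontal = the same port on many distinct destinations within the window
    Window and thresholds are illustrative assumptions, not tuned values.
    """
    recent = defaultdict(deque)   # src -> (ts, dst, port) tuples inside the window
    alerts = defaultdict(set)
    for ts, src, dst, port in sorted(flows):
        q = recent[src]
        q.append((ts, dst, port))
        while q and ts - q[0][0] > window:   # expire flows older than the window
            q.popleft()
        ports_per_dst = defaultdict(set)
        dsts_per_port = defaultdict(set)
        for _, d, p in q:
            ports_per_dst[d].add(p)
            dsts_per_port[p].add(d)
        if any(len(ps) >= port_threshold for ps in ports_per_dst.values()):
            alerts[src].add("vertical")
        if any(len(ds) >= host_threshold for ds in dsts_per_port.values()):
            alerts[src].add("horizontal")
    return dict(alerts)

if __name__ == "__main__":
    for src, kinds in sorted(detect_scans(SAMPLE_FLOWS).items()):
        print(src, sorted(kinds))
```

A scan paced slower than the window stays under the thresholds, so the window length bounds what this kind of header-only check can see.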


