
IPSec diagnostics/audit tool




Hello there,

Does anyone know of, or have suggestions for developing, an IPSec (ESP only? -
not sure) diagnostics or audit tool?

I was thinking of being able to verify that the traffic you assume is
protected is indeed protected when looked at from the outside. This could be
very valuable for testing and auditing your policy.

For example you could statistically analyse payloads (for encrypted packets
those should be flat, whereas non-encrypted packets should be recognisable)
by using a sniffer (how about snort?). Or check that you really do IKE with
ID protection.

But what else is worth capturing or verifying? I'd be grateful for input and
pointers!

Regards

Dirk
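
The payload-flatness check described in the post, as an added example that is not part of the original message: it groups raw IPv4 packets by (source, destination), flags any flow the policy lists as protected that carries non-ESP packets, and measures the byte entropy of the ESP payloads. The addresses, the `POLICY` set, the 1024-byte minimum sample and the 7.5 bits/byte cutoff are assumptions, and the packets are constructed sample input.

```python
import hashlib, math, socket, struct
from collections import Counter, defaultdict

ESP, MIN_BYTES, FLAT = 50, 1024, 7.5  # ESP is IP protocol 50; the other two are assumed cutoffs
POLICY = {(f"10.0.0.{i}", "10.0.1.1") for i in (1, 2, 3)}  # constructed: flows that must be protected

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; close to 8.0 when the byte histogram is flat."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def audit(packets, protected_flows):
    """Return {(src, dst): verdict} for every flow the policy says must be protected."""
    body, leaked = defaultdict(bytes), set()
    for pkt in packets:                      # each pkt is a raw IPv4 packet
        ihl = (pkt[0] & 0x0F) * 4
        flow = (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]))
        if pkt[9] != ESP:
            leaked.add(flow)                 # something other than ESP on the wire
        else:
            body[flow] += pkt[ihl + 8:]      # skip the cleartext SPI and sequence number
    verdicts = {}
    for flow in protected_flows:
        if flow in leaked:
            verdicts[flow] = "cleartext packets seen"
        elif len(body[flow]) < MIN_BYTES:
            verdicts[flow] = "not enough ESP data"
        elif entropy(body[flow]) < FLAT:
            verdicts[flow] = "ESP but payload not flat"
        else:
            verdicts[flow] = "looks encrypted"
    return verdicts

def ipv4(src, dst, proto, payload):
    """Constructed minimal IPv4 packet (checksum left at 0; sample input only)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def sample_capture():
    """Constructed capture: encrypted ESP, ESP carrying readable text, and a plain TCP leak."""
    rnd = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))  # stand-in ciphertext
    text = b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n" * 40
    esp = lambda spi, seq, data: struct.pack("!II", spi, seq) + data
    return [ipv4("10.0.0.1", "10.0.1.1", ESP, esp(0x1001, 1, rnd)),
            ipv4("10.0.0.2", "10.0.1.1", ESP, esp(0x1002, 1, text)),
            ipv4("10.0.0.3", "10.0.1.1", 6, text)]

if __name__ == "__main__":
    print(audit(sample_capture(), POLICY))
```

The "ESP but payload not flat" verdict is the case a protocol-number check alone misses, for example ESP negotiated with NULL encryption. The sketch does not handle ESP encapsulated in UDP, and it treats every non-ESP packet on a listed flow as a leak.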