echo: bbs_carnival
to: mark lewis
from: Sampsa Laine
date: 2011-03-04 21:11:00
subject: Re: Fidonet and today

-=> mark lewis wrote to Sampsa Laine <=-

 ml> this is known as an IDS, Intrusion Detection System... snort is the
 ml> current base one being used... suricata is breaking new ground and
 ml> coming up, though...

 ml> both products scan the stream... they don't really care about the
 ml> "level"... they also have the ability to scan encrypted streams,
 ml> IIRC... i know my IDS set up does and warns me about things while it is
 ml> slamming the door shut on others ;)

Sure - deep packet inspection is typically a combination of IDS/IPS and
a stateful firewall. 

As for scanning encrypted streams, not sure how exactly that would work
without some kind of man-in-the-middle attack. Encrypted is just that:
if I connect over, say, SSH to you across this IDS, there is no way the
IDS can tell our traffic from random noise (provided the SSH implementation
isn't faulty and we don't get MITM'd somehow by the IDS - which is a
security problem in itself).

 

... MultiMail, the new multi-platform, multi-format offline reader!
--- MultiMail/Darwin v0.49
--- SBBSecho 2.11-Win32
* Origin: B4BBS = London = b4bbs.sampsa.com 2:250/7 (2:250/7)
SEEN-BY: 3/0 633/267 640/954 712/0 313 550 620 848
@PATH: 123/500 261/38 712/848 633/267
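
Added example, not part of the original message: a content-matching check of the kind an IDS signature performs, run over the same constructed payload in cleartext and after encryption, to show why the encrypted copy yields no signature hit and near-maximal byte entropy. The marker string, the key and the SHA-256 counter keystream are assumptions for illustration; the keystream is a stand-in, not the cipher SSH uses.

```python
import hashlib
import math
from collections import Counter

# Constructed sample: a cleartext request carrying a marker string that a
# content signature would match. Not captured traffic.
SIGNATURE = b"EXAMPLE-SIGNATURE"
PLAINTEXT = (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
             b"X-Marker: " + SIGNATURE + b"\r\n\r\n") * 64


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: XOR data with SHA-256(key || counter) blocks.

    Assumption for illustration only; SSH uses negotiated ciphers such as
    AES-CTR or ChaCha20, not this construction.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + (offset // 32).to_bytes(8, "big")).digest()
        chunk = data[offset:offset + 32]
        out.extend(b ^ k for b, k in zip(chunk, block))
    return bytes(out)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 is the maximum (uniform random bytes)."""
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def signature_hits(payload: bytes, signatures: list[bytes]) -> list[bytes]:
    """What a content-matching IDS rule does: search the byte stream."""
    return [sig for sig in signatures if sig in payload]


def inspect(payload: bytes) -> dict:
    """Summarise what a passive content inspector can learn from a payload."""
    return {"hits": signature_hits(payload, [SIGNATURE]),
            "entropy": round(shannon_entropy(payload), 2)}


# Same bytes as PLAINTEXT, as seen on the wire once encrypted.
CIPHERTEXT = keystream_xor(b"constructed-session-key", PLAINTEXT)

if __name__ == "__main__":
    print("cleartext :", inspect(PLAINTEXT))
    print("encrypted :", inspect(CIPHERTEXT))
```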

SOURCE: echomail via fidonet.ozzmosis.com
