08-04-2023 11:06 AM
I was asked the following question. I think I know the answer, but would like to validate it.
=======
Question: How many levels down of traffic tagged as tunneled by the prefilter can the Snort Engine analyze?
=======
If traffic is identified as 'Tunneled' in the prefilter, LINA will tag that traffic for the Snort Engine to take a deeper look: to analyze let's say not only the GRE session, but also the tunneled session.
What about if the traffic is BGP over GRE over GRE? [Why would you want to do this? I don't have a practical example, but regardless, the question is valid].
I suspect that the Snort engine, seeing only 1 tunneled tag, will only look at one level down. But I would like to get a confirmation on this.
Thanks.
08-04-2023 12:45 PM
AFAIK, it's just one level down as you surmised.