IDS mailing list archives
Re: ids detect malicious encrypted data?
From: Ivan Hernandez <ivan.hernandez () globalsis com ar>
Date: Fri, 28 Feb 2003 14:54:45 -0300
There is an old dirty solution for SSL webservers. You put your unencrypted webserver behind a reverse HTTPS proxy. Then you have encrypted traffic between clients and your server and unencrypted traffic behind you reverse proxy, so you can analyze with a NIDS (Snort is a good choice).
HTTPS Client HTTP Server + NIDS ============== ===================== |_____________| Reverse Proxy HTTPS<=> HTTP Ivan Hernandez Lau Ker Chea wrote:
i just start doing some research in ids field. may i know whether majority of the today's nids can detect malicious encypted data since from the article that ihad read, early nids still face this problem.all opinion will be appreciated by me sincerely..thanks!chea__________________________________________________ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ ----------------------------------------------------------- Does your IDS have Intelligent Attack Profiling? If not, see what you're missing. Download a free 15-day trial of StillSecure Border Guard. http://www.securityfocus.com/stillsecure
----------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
Current thread:
- Re: ids detect malicious encrypted data? Ivan Hernandez (Mar 02)