IDS mailing list archives

Re: IDS, IPS and encrypted traffic


From: neil () slampt net
Date: Fri, 3 Dec 2004 04:50:53 +0800

Hey Daniel,

Have you looked at the McAfee IntruShield product?
The latest version of the sensor software has the ability to load SSL keys and
then decrypt/inspect the traffic in real time.

Regards

Neil Archibald

Quoting Daniel Hamburg <daniel.hamburg () iis rub de>:

Hello everybody,

I’ve been looking around the net for a while, trying to find some theoretical
and practical approaches to solve the problem of analyzing encrypted traffic.

I know that there is a need to decrypt the traffic before analyzing it, but
I haven’t found any concrete solutions for either NIDS or HIDS yet. Some HIDS
vendors announced that their products are capable of analyzing encrypted
traffic, but I didn’t succeed in finding any details about that.

Does anybody know some products or papers which deal with the problem of
analyzing encrypted traffic?

Thanks in advance,
  Daniel Hamburg


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------




