IDS mailing list archives
Re: IDS, IPS and encrypted traffic
From: Jose Maria Lopez <jkerouac () bgsec com>
Date: 06 Dec 2004 20:47:43 +0100
On Thu, 02 Dec 2004 at 08:15, Daniel Hamburg wrote:
> Hello everybody,
>
> I’ve been looking around the net for a while, trying to find some theoretical and practical approaches to solve the problem of analyzing encrypted traffic. I know that there is a need to decrypt the traffic before analyzing it, but I haven’t found any concrete solutions either for NIDS or for HIDS yet. Some HIDS vendors announced that their products are capable of analyzing encrypted traffic, but I didn’t succeed in finding any details about that. Does anybody know some products or papers which deal with the problem of analyzing encrypted traffic?
>
> Thanks in advance,
> Daniel Hamburg

Some people have had success using a squid proxy with the certificates to decrypt the SSL traffic before sending it to the real web servers and use a snort box after the squid proxy to see the unencrypted traffic. You can also try ssltunnel to handle other protocols but it's more complicated.

--
Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouac () bgsec com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
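
The layout described in the reply above, sketched as a Squid reverse-proxy (accelerator) configuration. This is an added example, not part of the original post; the host name `www.example.test`, the address `192.0.2.10`, the peer name `web_backend` and the file paths are placeholders, and the directive spelling follows Squid 3.x accelerator mode, so check it against the version you run.

```conf
# squid.conf (fragment): terminate SSL on the proxy so that a sensor on the
# proxy-to-server segment sees plain HTTP.
#
#   client ==HTTPS==> [squid :443] --HTTP--> [web server 192.0.2.10:80]
#                                     ^
#                                     +-- snort sensor on a tap/SPAN port here
#
# All names, addresses and paths below are placeholders (assumptions).

# Listen for SSL using the site's own certificate and private key.
# The key now lives on the proxy host, so protect it as you would on the
# web server itself.
https_port 443 accel cert=/etc/squid/certs/www.example.test.pem key=/etc/squid/certs/www.example.test.key defaultsite=www.example.test

# Forward decrypted requests to the real web server over plain HTTP.
# This leg is unencrypted: keep it on a dedicated, trusted segment.
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=web_backend

# Accept requests only for the published site and route them to the backend.
acl published_site dstdomain www.example.test
http_access allow published_site
http_access deny all
cache_peer_access web_backend allow published_site
cache_peer_access web_backend deny all

# Behind the proxy every packet has the proxy as its source address.
# Keep the X-Forwarded-For header so the original client address is still
# present in the HTTP request that the sensor and the web server log.
forwarded_for on
```

Because the sensor only sees the proxy's address at the IP layer, alerts from this segment need to be correlated with the Squid access log or the `X-Forwarded-For` header to identify the originating client.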