IDS mailing list archives
RE: SSL and IPS (was RE: ssh and ids)
From: <Peter_Schawacker () NAI com>
Date: Thu, 1 Jul 2004 22:07:12 -0700
Mike,

Concerning your challenge, here's the decrypted URL:

https://www.cryptolinux.org/kudzu

The page is no longer there, but it looks like it contained the page source for the CryptoLinux homepage and an article about kudzu. The beginning of the page's source is below. If you have any further questions or comments on this, let's take it off list.

Peter Schawacker, CISSP
Technical Evangelist
McAfee
Office 760 200 4258
Mobile 760 880 4258
ps () nai com

-----Original Message-----
From: Michael H. Warfield [mailto:mhw () wittsend com]
Sent: Wednesday, June 30, 2004 4:29 PM
To: Schawacker, Peter
Cc: shoten () starpower net; focus-ids () securityfocus com; security () brvenik com; mhw () wittsend com
Subject: Re: SSL and IPS (was RE: ssh and ids)

On Wed, Jun 30, 2004 at 01:39:38PM -0700, Peter_Schawacker () NAI com wrote:
> Rob,
> :
> I think we've taken this topic as far as we can on this list. There is no question that the technology works -- we've had it in beta in real world networks. The most important question is, "How will the market value this technology?" Only real-world implementations and time will tell. Let's just let the market decide the value of IPS decryption, shall we?

You're right... Let's test it. I've put up the challenge. I'll set up a secure web server on a separate IP address and secure with a cert. I'll provide you with the private key, with no password, and the certificate, and a tcpdump of all the traffic to and from that IP address. You just provide back all the clear text. That should be simple. Yes? If you can do that, given the private key of the server, then you have proven your point. And THAT'S real world. I can have it done tonight.

> Thanks, Mike (ISS), Marty (Sourcefire) and Jason (Sourcefire) for your
> questions and comments. Let's have this chat again six months from now. ;-)
> Over and out.
>
> Peter Schawacker, CISSP
> Technical Evangelist
> McAfee
> Office 760 200 4258
> Mobile 760 880 4258
> ps () nai com
Mike
--
Michael H. Warfield | (770) 985-6132 | mhw () WittsEnd com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!