Re: Snort and encrypted protocols

[Marsiske Stefan <stefan.marsiske () sysdata siemens hu>]

good idea, but you'll need all servercertificates on the snortbox for proper
decryption. talk about single point of failure/compromise?
btw, this is probably very slow. but anyhow a good idea for a plugin.

On Thu, Aug 16, 2001 at 10:57:50AM +0200, Renaud Lemble wrote:
> Why not using ssldump to replace tcpdump in snort ?
> You could decode encrypted protocols if snort is use as an host based
> ids.
> This will be a very interresting option.
>
> -- 
> ------------------------
> Renaud LEMBLE
> renaud.lemble () cetelem fr
> ------------------------
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
---end quoted text---

-- 
Stefan [http://web.interware.hu/stef] UPDATED:001031
gpg-key: http://web.interware.hu/stef/gpg.txt
quote: "Hackers do not feel that leisure time is automatically any more
meaningful than work time. The desirability of both depends on how they are
realized. From the point of a view of a meaningful life, the entire
work/leisure duality must be abandoned. As long as we are living our work or
our leisure, we are not even truly living. Meaning cannot be found in work or
leisure but has to arise out of the nature of the activity itself. Out of
passion. Social value. Creativity."

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users