Snort mailing list archives
Re: Portscan and SSL data encryption
From: Jed Pickel <jed () pickel net>
Date: Fri, 20 Jul 2001 19:33:39 -0400
On Fri, Jul 20, 2001 at 05:28:46PM -0400, Guy Bruneau wrote:

> My first question is: How can I proceed to forward the portscan data from a remote sensor to a MySQL database server? The sensor is logging the data correctly in the MySQL database but without the portscan data.

If you set your database plugin to use the "alert" facility as opposed to "log", portscan alerts will be logged in MySQL -- but for now the output of the portscan plugin will show up as signatures. The next major release of snort will have a table specific for portscans.

> My second question is: How can I encrypt the alarms between a remote sensor and a MySQL database server to ensure data integrity (encrypted)? The sensor has already been compiled with openssl.

The only way to do this now is with ssh port forwarding or a wrapper like stunnel. Although.. I just checked out the docs at mysql.com and they claim that MySQL versions since 3.23.9 "support internal SSL connections". If this is true I'll add native SSL in for the next release of the db plugin.

Regards,

* Jed
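An added example, not part of the message above and not Snort project code: a small Python check that reads `output database:` lines from a snort.conf and flags the two conditions the reply discusses, the "log" facility (portscan alerts not stored) and a direct connection to a remote MySQL host with no local ssh or stunnel listener in between. The `host` and `port` parameter names follow the Snort database plugin's documented options; the host names, port 3307, credentials and finding codes are constructed for illustration.

```python
import ipaddress

# Constructed sample snort.conf lines; host names and credentials are placeholders.
SAMPLE_CONF = """\
# sensor output section
output database: log, mysql, user=snort password=CHANGEME dbname=snort host=db.example.net
output database: alert, mysql, user=snort password=CHANGEME dbname=snort host=127.0.0.1 port=3307
output database: alert, mysql, user=snort password=CHANGEME dbname=snort host=localhost port=3307
"""

PREFIX = "output database:"

def is_loopback(host):
    """True for localhost and loopback IP literals, False for anything else."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"

def audit_database_outputs(conf_text):
    """Return [(line_no, [finding codes])] for every 'output database:' line."""
    results = []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line.startswith(PREFIX):
            continue  # comments and unrelated directives
        fields = [f.strip() for f in line[len(PREFIX):].split(",", 2)]
        if len(fields) < 3:
            results.append((line_no, ["MALFORMED"]))
            continue
        facility, _dbtype, param_text = fields
        params = dict(p.split("=", 1) for p in param_text.split() if "=" in p)
        host = params.get("host", "")
        findings = []
        if facility != "alert":
            # Per the reply: only the "alert" facility records portscan alerts.
            findings.append("PORTSCAN_NOT_LOGGED")
        if host and not is_loopback(host):
            # Direct connection to a remote server: nothing encrypts the session.
            findings.append("CLEARTEXT_TO_REMOTE_DB")
        if host.lower() == "localhost" and "port" in params:
            # MySQL's client library uses the Unix socket for "localhost" and
            # ignores port, so a tunnel listener on that port is bypassed.
            findings.append("LOCALHOST_BYPASSES_TUNNEL")
        results.append((line_no, findings))
    return results

if __name__ == "__main__":
    for line_no, findings in audit_database_outputs(SAMPLE_CONF):
        print(line_no, ", ".join(findings) or "ok")
```

A loopback host only shows that the plugin is not talking to the remote server directly; whether the tunnel behind that port authenticates the database server still has to be checked in the ssh or stunnel configuration.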