Snort mailing list archives

Re: Encrypted sessions


From: Ralf Hildebrandt <Ralf.Hildebrandt () charite de>
Date: Wed, 28 Nov 2001 07:48:40 +0100

On Tue, Nov 27, 2001 at 02:53:22PM -0600, Ronneil Camara wrote:

> How does snort deal with encrypted communication? Let's say I would like to
> monitor an https connection to my web server, or we've got an encrypted
> connection to another mail server. Would snort know about those attacks?
>
> This is what the big vendor company mentioned to me about snort's
> weakness.

And how do they handle that problem? IT'S ENCRYPTED, DUMMY!
What is the point of encryption if the IDS can look into the encrypted
datastream -- it must have a key. This makes it a high value target.

BTW, snort does SSL/TLS.
-- 
Ralf Hildebrandt                            Tel.  +49 (0)30-450 570-155
                                            Fax.  +49 (0)30-450 570-916
"Why text mails? _Modern clients_ understand HTML or .doc too, after all"

