Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Encrypted sessions

From: Tom Sevy <tsevy () epx com>
Date: Wed, 28 Nov 2001 07:02:43 -0500
We're implementing Alteon (Nortel now) ISD SSL devices.... he he he.....
snort, snort.....

-----Original Message-----
From: Fyodor [mailto:fygrave () tigerteam net]
Sent: Tuesday, November 27, 2001 10:06 PM
To: Michael Aylor
Cc: 'Erek Adams'; Chr. v. Stuckrad; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Encrypted sessions


On Tue, Nov 27, 2001 at 04:25:50PM -0600, Michael Aylor wrote:

That would be neat, if there was a way of telling snort about the
existance of a private RSA key that it had read access to, so it could
reverse engineer the public key exchange it was watching...am I
oversimplifying?  My understanding was that, if you had the private key
(and presumably the password used to encrypt it), then you'd be able to
decode any traffic using that key.  Am I incorrect?



yes. see http://www.rtfm.com/ssldump/, the only thing we need to somehow
integrate such huge piece into snort :-)


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: