Snort mailing list archives
RE: Snorting SSL
From: "Hutchinson, Andrew" <andrew.hutchinson () Vanderbilt Edu>
Date: Mon, 7 Jul 2003 13:11:23 -0500
I may be wrong, but the only good way that I know of to do this is to use an SSL Accelerator, and run your ISD behind it. This can often be combined with a we server load balancing solution, from folks like Radware or F5. The accelerator terminates the SSL sessions and then dispatches the session of one of the servers in the farm. Radware allows you to plug your IDS right into the accelerator/load balancer. I don't know too much about F5. Hope this helps, Andrew Andrew Hutchinson - Network Security Vanderbilt University Medical Center (615) 936-2856
-----Original Message----- From: mjm () eitsystems com [mailto:mjm () eitsystems com] Sent: Monday, July 07, 2003 10:57 AM To: snort-users () lists sourceforge net Subject: [Snort-users] Snorting SSL Is there anyway to decrypt SSL sessions for IDS analyis by snort? I understand why this can not happen now but, is there a feasable way if you could use your web server's certificate or something to snort this traffic? Curious if anyone knows or has any ideas. -mike mccasland ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_06 1203_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snorting SSL mjm (Jul 07)
- Re: Snorting SSL Derya Sezen (Jul 07)
- <Possible follow-ups>
- RE: Snorting SSL Hutchinson, Andrew (Jul 07)
- Re: Snorting SSL Jason Haar (Jul 07)
- RE: Snorting SSL James R. Hendrick (Jul 07)
- Re: Snorting SSL Ryan Johnson (Jul 07)