Snort mailing list archives

Re: Snorting SSL


From: Derya Sezen <funky () gsu linux org tr>
Date: 07 Jul 2003 23:33:25 +0300


Hi,

I'm just making some essays to do that. Actually, you can collect the
"private keys" of your trusted zone. In theory, it's possible to decrypt
the traffic, but it's better to do that in a cluster system because you
cannot send the decryption process to your main I.D.S. system. It can be
possible to do that in a load-balanced system that forwards SSL
decryption to another system (or cluster).

I can send my results later if you are interested...

On Mon, 2003-07-07 at 18:57, mjm () eitsystems com wrote:
Is there any way to decrypt SSL sessions for IDS analysis by snort? I
understand why this cannot happen now, but is there a feasible way if you
could use your web server's certificate or something to snort this
traffic?

Curious if anyone knows or has any ideas.

-mike mccasland




-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- 
Derya Sezen
funky () gsu linux org tr

"The software said it requires Windows 98 or better, so I installed
Linux..."


