Snort mailing list archives
Re: Commercial Advanced Packet Sniffers, how do they do this? Application signatures?
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Sun, 24 Jan 2010 17:16:06 +1300
On 01/24/2010 09:40 AM, Jason Brvenik wrote:
> Snort itself has had these capabilities for a long time and they have been used for various purposes by all manner of folks.

Don't forget they all cannot handle SSL-based traffic directly - and that still doesn't cover Skype.

Exception: I know Bluecoat do a big song-and-dance about their inline SSL support. You have to reconfigure all software clients to either disable/ignore SSL hostname mismatches (ie disable the "trusted" bit of SSL!), or create a Bluecoat CA and dynamically generate new "fake" certs for every SSL server you access (ie "trust" your Bluecoat admin won't steal your credit card).

I see Squid is working on similar technology too - interesting times... When will we see inline snort dynamically create fake server certs? ;-)

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1