IDS mailing list archives

RE: How to monitor encrypted connections...

From: "Ofer Shezaf" <OferS () Breach com>
Date: Tue, 25 Sep 2007 10:12:26 -0400



Leonardo wrote:


Jean,

On my Msc thesis I finished last year, I proposed an IDS/IPS
architecture
and developed what I call Application-based sensor.
In this sense, I debugged Apache behavior and catch the requests after
they
were decrypted and before they were processed by the app server.


How is it different than ModSecurity?


BTW, Did you check about WAF - Web Application firewall??

Regards,


~ Ofer

Ofer Shezaf
ofers () breach com, Phone:+972-9-9560036 #212, Cell: +972-54-4431119

CTO, Breach Security; Chair, OWASP Israel; Leader, ModSecurity Core Rule
Set Project; 
Leader, WASC Web Hacking Incidents Database Project





------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------

Current thread:

How to monitor encrypted connections... Jean-Pierre FORCIOLI (Sep 20)
- RE: How to monitor encrypted connections... Ofer Shezaf (Sep 24)
  - RE: How to monitor encrypted connections... Leonardo Cavallari Militelli (Sep 25)
    - RE: How to monitor encrypted connections... Ofer Shezaf (Sep 27)
    - RE: How to monitor encrypted connections... Leonardo Cavallari Militelli (Sep 27)
- RE: How to monitor encrypted connections... Srinivasa Addepalli (Sep 25)
- <Possible follow-ups>
- Re: How to monitor encrypted connections... proneetb (Sep 24)
- Re: How to monitor encrypted connections... abhicc285 (Sep 24)
  - Re: How to monitor encrypted connections... Stefano Zanero (Sep 25)
  - RE: How to monitor encrypted connections... Kevin Overcash (Sep 25)