Honeypots mailing list archives

Re: logging facility


From: Valdis.Kletnieks () vt edu
Date: Thu, 28 Aug 2003 11:36:18 -0400

On Thu, 28 Aug 2003 05:45:20 EDT, Motayyam79 () aol com said:
> "Encrypted traffic such as that to an SSL web server can be decrypted and
> logged."
>
> How can encrypted traffic be decrypted with a honeypot?

Well... let's say you're looking at an SSL session - it goes across the wire encrypted,
the operating system hands it to the OpenSSL libraries, which decrypt it..

... and then hand it to your packet logger (instead of)/(in addition to) Apache.

Similarly for SSH - you just install a tap into the program where you can write out
the cleartext data....
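
An added example, not part of the original message: a minimal Python sketch of the tap described above, logging cleartext at the point where the TLS library hands data to the server application on a honeypot you operate. The class name, the log record layout, the peer address and the socketpair standing in for an already-decrypted `ssl.SSLSocket` are all assumptions made for illustration.

```python
import json
import socket
import time


class CleartextTap:
    """Wrap a connected stream and copy each cleartext chunk to a log sink.

    On a real honeypot `stream` would be an ssl.SSLSocket after the handshake,
    so recv() already returns decrypted bytes; the wire itself stays encrypted.
    """

    def __init__(self, stream, log, peer):
        self._stream, self._log, self._peer = stream, log, peer

    def _record(self, direction, data):
        if data:  # "in" = sent by the client, "out" = sent back to it
            self._log.append(json.dumps({
                "ts": time.time(), "peer": self._peer, "dir": direction,
                # backslashreplace keeps binary payloads loggable
                "data": data.decode("utf-8", "backslashreplace"),
            }))

    def recv(self, bufsize):
        data = self._stream.recv(bufsize)
        self._record("in", data)
        return data

    def sendall(self, data):
        self._record("out", data)
        return self._stream.sendall(data)

    def __getattr__(self, name):
        # close(), settimeout() and the rest pass straight through
        return getattr(self._stream, name)


def demo():
    """Constructed exchange; a socketpair stands in for the decrypted channel."""
    client, server_side = socket.socketpair()
    log = []  # hypothetical sink; a file or syslog handler in practice
    tapped = CleartextTap(server_side, log, peer="192.0.2.10")
    client.sendall(b"GET /admin HTTP/1.0\r\n\r\n")
    request = tapped.recv(4096)  # the server application still gets the data
    tapped.sendall(b"HTTP/1.0 404 Not Found\r\n\r\n")
    reply = client.recv(4096)
    client.close()
    tapped.close()
    return request, reply, [json.loads(line) for line in log]
```

Because the wrapper exposes the same recv()/sendall() interface as the socket it wraps, the server code is unchanged and the log captures exactly what the application saw and sent.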
