Honeypots mailing list archives
Re: logging facility
From: Valdis.Kletnieks () vt edu
Date: Thu, 28 Aug 2003 11:36:18 -0400
On Thu, 28 Aug 2003 05:45:20 EDT, Motayyam79 () aol com said:
"Encrypted traffic such as that to an SSL web server can be decrypted and logged." How can encrypted traffic be decrypted with a honeypot?
Well... let's say you're looking at an SSL session - it goes across the wire encrypted, the operating system hands it to the OpenSSL libraries, which decrypt it.. ... and then hand it to your packet logger (instead of)/(in addition to) Apache. Similarly for SSH - you just install a tap into the program where you can write out the cleartext data....
Attachment:
_bin
Description:
Current thread:
- Re: logging facility, (continued)
- Re: logging facility Floydman (Aug 27)
- Re: logging facility Motayyam79 (Aug 27)
- Re: logging facility Richard Stevens (Aug 28)
- Re: logging facility KeyFocus (Aug 28)
- Re: logging facility Floydman (Aug 28)
- Re: logging facility Floydman (Aug 28)
- Re: logging facility Motayyam79 (Aug 28)
- Re: logging facility KeyFocus (Aug 28)
- Re: logging facility urbn (Aug 29)
- Re: logging facility KeyFocus (Aug 29)
- Re: logging facility KeyFocus (Aug 28)
- Re: logging facility Valdis . Kletnieks (Aug 28)
- Re: logging facility Edward Balas (Aug 29)
- Re: logging facility Peter Bates (Aug 28)
- Re: logging facility Ryan Barnett (Aug 29)