Snort mailing list archives
Snort New Feature Request
From: Renaud Lemble <Renaud.Lemble () cetelem fr>
Date: Fri, 17 Aug 2001 11:49:52 +0200
Hi,

I want to make a suggestion: why not use ssldump in order to replace tcpdump in snort? We could decode encrypted protocols if snort has a copy of the servers' keys. A preprocessor could be coded to do that. A config file could be:

    preprocessor ssl_decode: server1_ip port1 certif1.pem
    preprocessor ssl_decode: server2_ip port2 certif2.pem
    ...

I think this would be a very interesting option. I know a lot of people who are searching for an option like this one, and I think no IDS does that at this time. What do you think about this idea?

--
------------------------
Renaud LEMBLE
renaud.lemble () cetelem fr
------------------------