Re: Portscan and SSL data encryption

[Jed Pickel <jed () pickel net>]

On Fri, Jul 20, 2001 at 05:28:46PM -0400, Guy Bruneau wrote:
> My first question is: How do can I proceed to forward the portscan data
> from a remote sensor to a MySQL database server? The sensor is logging
> the data correctly in the MySQL database but without the portscan data.

If you set your database plugin to use the "alert" facility as opposed
to "log", portscan alerts will be logged in MySQL -- but for now the
output of the portscan plugin will show up as signatures. The next
major release of snort will have a table specific for portscans.

> My second question is: How can I encrypt the alarms between a remote
> sensor and a MySQL database server to ensure data integrity (encrypted)?
> The sensor has already been compiled with openssl.

The only way to do this now is with ssh port forwarding or a wrapper
like stunnel. Although.. I just checked out the docs at mysql.com and
they claim that that MySQL versions since 3.23.9 "support internal SSL
connections". If this is true I'll add naitive SSL in for the next
release of the db plugin.

Regards,

* Jed

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users