Snort mailing list archives
Re: Encrypted sessions
From: Erek Adams <erek () theadamsfamily net>
Date: Tue, 27 Nov 2001 13:13:57 -0800 (PST)
On Tue, 27 Nov 2001, Ronneil Camara wrote:
> How does snort deal with encrypted communication? Let's say I would like to monitor an https connection to my web server, or we've got an encrypted connection to another mail server. Would snort know about those attacks?
No problem--If you've got the SSL key, that is! :)
> This is what the big vendor company mentioned to me about snort's weakness.
*sigh* I just love marketing/sales techno-babble. Not! If it's encrypted traffic, to examine the traffic you would have to decode it. If you have the keys then you can hook up ssldump (I think that's the name--Have to check my notes at home.) and pipe the data into snort. Snort can then tell you anything about it. :)
Also look into SPADE. SPADE does, among other things, anomaly detection. You can use that to see when you have a spike in a certain type of activity.
Anyone else got a better way to play with encryption? I'm looking for new ideas!
-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net