Snort mailing list archives
Re: Encrypted sessions
From: "Chr. v. Stuckrad" <stucki () math fu-berlin de>
Date: Tue, 27 Nov 2001 22:25:31 +0100
On Tue, Nov 27, 2001 at 01:13:57PM -0800, Erek Adams wrote:
*sigh* I just love marketing/sales techno-babble. Not!
*grin* there is another problem with 'encryption': I've seen a thing like an IRC-Bot used as DDOS Command-Center and communicating via an encrypted stream to the hacked host... No chance to see anything, except if the key is already known.
If it's encrypted traffic, to examine the traffic you would have to decode it.
But how? If for example you would want to look for specific bad traffic (we had that with ssh1) and you want to find logins via ssh, you only get the fact, that there IS a connection, no contents (else ssh would be useless anyway). Stucki -- Christoph von Stuckrad * * | nickname | <stucki () math fu-berlin de> \ Freie Universitaet Berlin |/_* | 'stucki' | Tel(days):+49 30 838-75 459 | Fachbereich Mathematik, EDV |\ * | if online | Tel(else):+49 30 77 39 6600 | Arnimallee 2-6/14195 Berlin * * | on IRCnet | Fax(alle):+49 30 838-75454 / _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Encrypted sessions Ronneil Camara (Nov 27)
- Re: Encrypted sessions Erek Adams (Nov 27)
- Re: Encrypted sessions Chr. v. Stuckrad (Nov 27)
- Re: Encrypted sessions Erek Adams (Nov 27)
- Re: Encrypted sessions Jason Haar (Nov 27)
- Re: Encrypted sessions Chr. v. Stuckrad (Nov 27)
- RE: Encrypted sessions Abe L. Getchell (Nov 27)
- RE: Encrypted sessions Erek Adams (Nov 27)
- RE: Encrypted sessions Abe L. Getchell (Nov 28)
- RE: Encrypted sessions Erek Adams (Nov 27)
- Re: Encrypted sessions Ralf Hildebrandt (Nov 27)
- Re: Encrypted sessions Ralf Hildebrandt (Nov 28)
- <Possible follow-ups>
- Re: Encrypted sessions Mike Shaw (Nov 27)
- RE: Encrypted sessions Michael Aylor (Nov 27)
- Re: Encrypted sessions Fyodor (Nov 27)
(Thread continues...)
- Re: Encrypted sessions Erek Adams (Nov 27)