Snort mailing list archives
RE: Queries on Snort...
From: "Hutchinson, Andrew" <Andrew.Hutchinson () Vanderbilt edu>
Date: Fri, 30 Aug 2002 08:37:50 -0500
If you require decoding encrypted traffic - and I'm assuming that you're mainly concerned with ssl to your web servers, here - you should probably look at getting an ssl proxy, and placing your IDS behind that to watch for http attacks. If you have high traffic web servers, that'll take the encryption processing off the web servers, and will also allow you to decode the encrypted traffic.

-----Original Message-----
From: Poppi, Sandro [mailto:Sandro.Poppi () wacker com]
Sent: Friday, August 30, 2002 5:50 AM
To: 'P.Balasubramaniam'; snort-users () lists sourceforge net
Subject: AW: [Snort-users] Queries on Snort...

Hi,
Hi, I am suggesting Snort for Intrusion Detection requirement. I do not know whether the following are supported in Snort. Can you help on these queries?
1. Does Snort support capturing and decoding encrypted traffic?
Capturing yes, but not decoding since it would be necessary to have the private key of the recipient which you normally would not install on the snort box ;)
2. Does Snort support playback of stored packets?
If you save packets in pcap format, Snort can read and interpret them as if the packets were sent over the network Snort listens on.
3. Can Snort do intrusion prevention, like if an intrusion occurs, it responds to the attack?
Yes, using the so-called "flexible response" feature.

HTH,
Sandro

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users