Snort mailing list archives
Re: filter http traffic
From: Ryan Moon <ryan.c.moon () gmail com>
Date: Thu, 24 May 2012 08:42:34 -0500
I think it is hyperbolic to call this "the end of NIDS". In the past, employers I have worked for have considered implementing SSL terminators in order to decrypt this traffic at the edge for recording and network forensics. This has its own set of hurdles, but overall provides the visibility needed to do NIDS work. Our field is constantly evolving, full traffic 100% SSL is the future, embrace it.

- Ryan

On Wed, May 23, 2012 at 7:53 PM, Jason Haar <Jason_Haar () trimble com> wrote:
> On 21/05/12 06:07, Balasubramaniam Natarajan wrote:
>> One small question I doubt it that is possible because when I type in google.com <http://google.com> the browser automatically switches over to https://www.google.co.in/ so in that case we may not be able to trace it.
>
> Yup, welcome to the end of NIDS. I am seeing more and more network traffic "go dark". Security counteracting security - irony at its best :-(
>
> --
> Cheers
>
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +1 408 481 8171
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats.
http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- filter http traffic Sdflkaj Jksdfj (May 20)
- Re: filter http traffic Joel Esler (May 20)
- Re: filter http traffic Balasubramaniam Natarajan (May 20)
- Re: filter http traffic Giles Coochey (May 22)
- Re: filter http traffic Jason Haar (May 24)
- Re: filter http traffic Ryan Moon (May 24)
- Re: filter http traffic Balasubramaniam Natarajan (May 20)
- Re: filter http traffic Joel Esler (May 20)