Snort mailing list archives

Re: filter http traffic


From: Ryan Moon <ryan.c.moon () gmail com>
Date: Thu, 24 May 2012 08:42:34 -0500

I think it is hyperbolic to call this "the end of NIDS". In the past,
employers I have worked for have considered implementing SSL
terminators in order to decrypt this traffic at the edge for recording
and network forensics. This has its own set of hurdles, but overall
provides the visibility needed to do NIDS work. Our field is
constantly evolving, full traffic 100% SSL is the future, embrace it.

- Ryan


On Wed, May 23, 2012 at 7:53 PM, Jason Haar <Jason_Haar () trimble com> wrote:
On 21/05/12 06:07, Balasubramaniam Natarajan wrote:
One small question I doubt it that is possible because when I type in
google.com <http://google.com> the browser automatically switches over
to https://www.google.co.in/ so in that case we may not be able to
trace it.


Yup, welcome to the end of NIDS. I am seeing more and more network
traffic "go dark". Security counteracting security - irony at its best :-(

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
