Vulnerability Development mailing list archives
Re: SSL & IDS
From: Crispin Cowan <crispin () WIREX COM>
Date: Thu, 31 Aug 2000 11:29:01 -0700
Roelof Temmingh wrote:
I am working on an article-thingy, and while writing I stumbled across this: IDS & SSL does not work together well...wow! (this was a joke). Even if you put an IDS on the same platform as the webserver it would not work. How should this be addressed? Is it addressed in some way by the ppl on the IDS mailling list? I did a -=very=- quick search for SSL and IDS and didnt really get anything.
The problem is more general than that: *network* IDS's fail in the presence of any kind of network crypto (host-based IDS's are unaffected). This problem is more commonly stated as IDS's vs. VPNs. VPNs (i.e. IPSec, PPTP (blech)) make life even harder on a network IDS than SSL does.
I have some ideas of how one can try to solve it, but I dont want to barge into other ppl's territory.
I'm very interested in hearing your ideas. Particularly since I don't believe the problem is solvable :-)
Yeah, I know .. its prolly not the best list for the discussion.
I can't think of a strictly better list to have the discussion on. These kinds of discussions happen on security-audit, but it is OT there, too. Crispin -- Crispin Cowan, Ph.D. Chief Research Scientist, WireX Communications, Inc. http://wirex.com Free Hardened Linux Distribution: http://immunix.org
Current thread:
- Re: SSL & IDS, (continued)
- Re: SSL & IDS Bluefish (P.Magnusson) (Sep 01)
- Re: SSL & IDS Timothy J. Miller (Sep 01)
- Re: SSL & IDS Mikael Olsson (Sep 01)
- Re: SSL & IDS Ng Pheng Siong (Sep 02)
- Re: SSL & IDS Dragos Ruiu (Sep 02)
- Re: SSL & IDS Bluefish (P.Magnusson) (Sep 03)
- Re: SSL & IDS Pluto (Sep 08)
- Re: SSL & IDS Ng Pheng Siong (Sep 02)
- Re: SSL & IDS Benjamin P. Grubin (Sep 05)
- Re: SSL & IDS J Edgar Hoover (Sep 01)