Vulnerability Development mailing list archives

Re: SSL & IDS


From: Blue Boar <BlueBoar () THIEVCO COM>
Date: Fri, 1 Sep 2000 18:09:54 -0700

Ed Padin wrote:

I don't know of any IDS systems that can decode SSL traffic on the fly. An
IDS is just a smarter network sniffer. SSL and other encrypted protocols are
used to prevent network sniffers from gleaning any information from network
traffic. If there were an IDS that could read SSL traffic then SSL would be a
joke.

I don't know of any that do this, but you could certainly build an IDS that
could decode SSL.  You just have to share the web server's private key with
the IDS system.  (The original poster wanted to monitor his own web server.)

This shouldn't pose significantly more risk than having the private key
sitting on the web server itself or on an outboard SSL accelerator, which
you'll have to do if you want to serve SSL.

                                        BB
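As an added illustration (not code from this thread or from any IDS product), a toy model of the reply's suggestion: a passive monitor holding the web server's RSA private key recovers the premaster secret from the ClientKeyExchange exactly as the server does, derives the same session key, and can then run ordinary content signatures over the decrypted request. The RSA key, key derivation and record cipher are constructed, deliberately simplified stand-ins for SSL's (tiny textbook primes, a SHA-256 KDF, a SHA-256 keystream), and the sample request and signatures are constructed too.

```python
import hashlib
import secrets

# Constructed toy RSA key (tiny textbook primes; illustration only).
P, Q, E = 61, 53, 17
N = P * Q                            # 3233
D = pow(E, -1, (P - 1) * (Q - 1))    # server's private exponent (Python 3.8+)

def kdf(premaster, client_random, server_random):
    """Stand-in for SSL's master-secret / key-block derivation."""
    seed = premaster.to_bytes(2, "big") + client_random + server_random
    return hashlib.sha256(b"toy-kdf" + seed).digest()

def record_crypt(key, data):
    """Toy record cipher: XOR with a SHA-256 keystream (symmetric)."""
    blocks = len(data) // 32 + 1
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def rsa_session(request):
    """Client and server run an RSA-key-exchange handshake, then the client
    sends one encrypted record. Returns only what a sniffer on the wire sees."""
    client_random = secrets.token_bytes(16)
    server_random = secrets.token_bytes(16)
    premaster = secrets.randbelow(N)              # chosen by the client
    client_key_exchange = pow(premaster, E, N)    # encrypted to the server's public key
    key = kdf(premaster, client_random, server_random)
    return {"client_random": client_random, "server_random": server_random,
            "client_key_exchange": client_key_exchange,
            "record": record_crypt(key, request)}

def ids_decrypt(wire, d=D, n=N):
    """The IDS holds a copy of the server's private key, so it recovers the
    premaster secret exactly as the server does and derives the same key."""
    premaster = pow(wire["client_key_exchange"], d, n)
    key = kdf(premaster, wire["client_random"], wire["server_random"])
    return record_crypt(key, wire["record"])

def ids_alerts(wire, signatures):
    """Run plain content signatures over the decrypted request."""
    plaintext = ids_decrypt(wire)
    return [sig for sig in signatures if sig in plaintext]

if __name__ == "__main__":
    wire = rsa_session(b"GET /../../etc/passwd HTTP/1.0\r\n\r\n")
    print(wire["record"])                               # opaque to a plain sniffer
    print(ids_decrypt(wire))                            # readable to the key-holding IDS
    print(ids_alerts(wire, [b"../", b"/etc/passwd"]))   # content signatures now match
```

This only works for RSA key exchange, where the premaster secret crosses the wire encrypted under the server's key; a session negotiated with an ephemeral Diffie-Hellman exchange never does that, so a monitor holding only the server's private key recovers nothing from it.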
