[Snort-devel] Re: [Snort-users] Encrypted sessions

Fyodor fygrave at ...1...
Wed Nov 28 18:05:01 EST 2001


On Thu, Nov 29, 2001 at 09:25:59AM +0800, Ju Kong Fui wrote:
> Rather than building decryption module into snort, I suggest to build a host
> based "snort", using the same signature as the existing network based
> "snort". Both host based and network based "snort" can log to the same log
> repository and then report it using ACID or any other reporting
> plug-in/tools.
> 

What do you mean by 'host based snort'? Running snort on loopback and
having another process which would act as 'ssl accelerator'? (stunnel
could do that f.e.). The only thing which you won't be able to see here
is the actual source of offending requests, you'll have to analyse
stunnel logs for that.





More information about the Snort-devel mailing list