[Snort-devel] Snort SSL

Chris Green cmg at ...402...
Fri Oct 4 06:53:03 EDT 2002


"Peter Robinson" <peter at ...1601...> writes:

> Hi there...
>
> As I am new to the list I have missed this discussion in the past and could
> not find a definitive answer in the archives.
>
> Is it possible to get snort to decrypt ssl type connections and check them
> against the web* rules?

Nope. There is no integration with the keying that would be required
to do this type of monitoring. 

>
> I would be happy to use this type of feature to monitor traffic to a single
> https server if possible.

You can use apache mod_ssl as a proxy server to an unencrypted
webserver and let snort run on the intermediate link.
-- 
Chris Green <cmg at ...402...>
A watched process never cores.
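
The proxy arrangement suggested in the reply above, as an added example that is not part of the original post: a minimal Apache 2.x reverse-proxy virtual host that terminates SSL and forwards plain HTTP to the real web server. The hostname, backend address, file paths and interface name are placeholders chosen for illustration.

```apache
# Added example; hostnames, addresses and file paths are placeholders.
# Requires mod_ssl, mod_proxy and mod_proxy_http to be loaded.
Listen 443

<VirtualHost *:443>
    ServerName www.example.com

    # SSL terminates here, so this host holds the certificate and key.
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/www.example.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/www.example.com.key

    # Reverse proxy only; forward proxying stays disabled.
    ProxyRequests Off
    ProxyPreserveHost On

    # Requests leave the proxy as plain HTTP toward the real web server.
    # This hop is the "intermediate link" the Snort sensor watches, so the
    # web rules see decrypted requests on port 80.
    ProxyPass        / http://192.0.2.10:80/
    ProxyPassReverse / http://192.0.2.10:80/
</VirtualHost>

# Sensor side (assumed interface name eth1, facing the backend link):
#   snort -i eth1 -c /etc/snort/snort.conf
```

On the intermediate link every request arrives from the proxy's address, so alerts show the proxy as the source; the original client address is carried in the X-Forwarded-For header that mod_proxy_http adds. Because that hop carries the traffic in cleartext, keep it on a dedicated segment between the proxy, the sensor and the web server.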



