[Snort-sigs] filter http traffic

Ryan Moon ryan.c.moon at ...2420...
Thu May 24 09:42:34 EDT 2012

I think it is hyperbolic to call this "the end of NIDS". In the past,
employers I have worked for have considered implementing SSL
terminators in order to decrypt this traffic at the edge for recording
and network forensics. This has it's own set of hurdles, but overall
provides the visibility needed to do NIDS work. Our field is
constantly evolving, full traffic 100% SSL is the future, embrace it.

- Ryan

On Wed, May 23, 2012 at 7:53 PM, Jason Haar <Jason_Haar at ...3686...> wrote:
> On 21/05/12 06:07, Balasubramaniam Natarajan wrote:
>> One small question I doubt it that is possible because when I type in
>> google.com <http://google.com> the browser automatically switches over
>> to https://www.google.co.in/ so in that case we may not be able to
>> trace it.
> Yup, welcome to the end of NIDS. I am seeing more and more network
> traffic "go dark". Security counteracting security - irony at its best :-(
> --
> Cheers
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +1 408 481 8171
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
> Please visit http://blog.snort.org for the latest news about Snort!

More information about the Snort-sigs mailing list