[Snort-users] Detection after decryption

Erik Engberg Erik.Engberg at ...511...
Mon Sep 25 12:35:15 EDT 2000


I haven't seen this one up yet.

Just another crazy (?) idea:

Wouldn't it be neat to have a preprocessor/module for OpenSSH and/or Apache
that does intrusion detection on the traffic after it's been decrypted?

What would it take, and would it be hard to build?

Perhaps that would be more in the domain of host-based IDS. Although I got
the "idea" when we started talking here @work about SSL accelerators and
that you could do full network analysis of the traffic after it was decrypted in
the accelerator box and went unencrypted to the web server.


