[Snort-users] Encrypted sessions
fygrave at ...121...
Tue Nov 27 19:15:02 EST 2001
On Tue, Nov 27, 2001 at 04:25:50PM -0600, Michael Aylor wrote:
> That would be neat, if there was a way of telling snort about the
> existance of a private RSA key that it had read access to, so it could
> reverse engineer the public key exchange it was watching...am I
> oversimplifying? My understanding was that, if you had the private key
> (and presumably the password used to encrypt it), then you'd be able to
> decode any traffic using that key. Am I incorrect?
yes. see http://www.rtfm.com/ssldump/, the only thing we need to somehow
integrate such huge piece into snort :-)
More information about the Snort-users