[Snort-users] Encrypted sessions

Ralf Hildebrandt Ralf.Hildebrandt at ...3909...
Tue Nov 27 22:49:10 EST 2001


On Tue, Nov 27, 2001 at 02:53:22PM -0600, Ronneil Camara wrote:

> How does snort deal with encrypted communication. Let say, I would to
> monitor https connection to my web server or we've got an encrypted
> connection to other mail server. Would snort know about those attacks?
> 
> This is what the big vendor company mentioned to me about snort's
> weakness.

And how do they handle that problem? IT'S ENCRYPTED, DUMMY!
What is the point of encryption if the IDS can look into the encrypted
datastream -- it must have a key. This makes it a high value target.

BTW, snort does SSL/TLS.
-- 
Ralf Hildebrandt                            Tel.  +49 (0)30-450 570-155
                                            Fax.  +49 (0)30-450 570-916
"Warum Textmails, _moderne Clients_ verstehen doch auch HTML oder .doc"





More information about the Snort-users mailing list