[Snort-users] Encrypted sessions
Ralf.Hildebrandt at ...3909...
Tue Nov 27 22:49:10 EST 2001
On Tue, Nov 27, 2001 at 02:53:22PM -0600, Ronneil Camara wrote:
> How does snort deal with encrypted communication. Let say, I would to
> monitor https connection to my web server or we've got an encrypted
> connection to other mail server. Would snort know about those attacks?
> This is what the big vendor company mentioned to me about snort's
And how do they handle that problem? IT'S ENCRYPTED, DUMMY!
What is the point of encryption if the IDS can look into the encrypted
datastream -- it must have a key. This makes it a high value target.
BTW, snort does SSL/TLS.
Ralf Hildebrandt Tel. +49 (0)30-450 570-155
Fax. +49 (0)30-450 570-916
"Warum Textmails, _moderne Clients_ verstehen doch auch HTML oder .doc"
More information about the Snort-users