[Snort-users] monitoring https / SSL

McCammon, Keith Keith.McCammon at ...3497...
Thu May 2 10:03:03 EDT 2002


It's not that simple, as https traffic is encrypted, and snort cannot decode it in the same manner as http traffic, which is in the clear.  Rules that apply to source and destination ports can be changed, as could certain rules referencing packet size, flags, etc.  However, snort can't grab the application-layer data from https traffic.

Cheers

Keith

-----Original Message-----
From: Slade Edmonds [mailto:slade at ...5758...]
Sent: Thursday, May 02, 2002 12:51 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] monitoring https / SSL


Could anyone direct me to information regarding snorting SSL traffic?  Is it
just a matter of taking the rules files designed for monitoring standard
http port 80 and adding an ssl port to it?

Thanks


_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidth at ...382...
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list