[Snort-users] Snorting SSL

Derya Sezen funky at ...8796...
Mon Jul 7 13:27:43 EDT 2003


Hi,

I'm just making some essays to do that. Actually, you can collect the
"private keys" of your trusted zone. In theory, it's possible to decrypt
the traffic, but it's better to do that in a cluster system cause you
cannot send the decrypt process to your main I.D.S. system. It can
possible to do that in a load balanced system that forwards ssl
decryptage to another system(or cluster).

I can send my results later if you are interested in...

On Mon, 2003-07-07 at 18:57, mjm at ...7530... wrote:
> Is there anyway to decrypt SSL sessions for IDS analyis by snort? I
> understand why this can not happen now but, is there a feasable way if you
> could use your web server's certificate or something to snort this
> traffic?
> 
> Curious if anyone knows or has any ideas.
> 
> -mike mccasland
> 
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email sponsored by: Free pre-built ASP.NET sites including
> Data Reports, E-commerce, Portals, and Forums are available now.
> Download today and enter to win an XBOX or Visual Studio .NET.
> http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- 
Derya Sezen
funky at ...8796...

"The software said it requires Windows 98 or better, so I installed
Linux..."





More information about the Snort-users mailing list