IDS
mailing list archives
Re: IDS, IPS and encrypted traffic
From: Jose Maria Lopez <jkerouac () bgsec com>
Date: 06 Dec 2004 20:47:43 +0100
On Thu, 02 Dec 2004 at 08:15, Daniel Hamburg wrote:
> Hello everybody,
> I’ve been looking around the net for a while, trying to find some theoretical and practical approaches to solve the
> problem of analyzing encrypted traffic.
> I know that there is a need to decrypt the traffic before analyzing it, but I haven’t found any concrete solutions
> either for NIDS or for HIDS yet. Some HIDS vendors announced that their products are capable of analyzing encrypted
> traffic, but I didn’t succeed in finding any details about that.
> Does anybody know some products or papers which deal with the problem of analyzing encrypted traffic?
> Thanks in advance,
> Daniel Hamburg
Some people have had success using a squid proxy with the certificates
to decrypt the SSL traffic before sending it to the real web servers
and use a snort box after the squid proxy to see the unencrypted
traffic.
You can also try ssltunnel to handle other protocols but it's more
complicated.
--
Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouac () bgsec com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN
The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
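
The setup described in the reply above, as an added example that is not part of the original post or its author's configuration: a Squid reverse proxy terminates SSL with the site's certificate and forwards plain HTTP to the real web server over an internal segment where a Snort sensor listens. The hostname, addresses, file paths and interface name are assumptions, and the directive syntax assumes Squid 3.x or later built with SSL support.

```conf
# squid.conf fragment (constructed example; names, addresses and paths are placeholders)

# Terminate SSL from clients using the site's own certificate and key.
# Squid 4 and later name these options tls-cert= and tls-key=.
https_port 443 accel defaultsite=www.example.test cert=/etc/squid/tls/www.example.test.pem key=/etc/squid/tls/www.example.test.key

# Forward the decrypted requests as plain HTTP to the real web server.
# This leg is cleartext, so keep it on a dedicated internal segment.
cache_peer 10.0.0.10 parent 80 0 no-query originserver name=realweb

# Serve only the published site so the proxy cannot be used as an open relay.
acl published_site dstdomain www.example.test
http_access allow published_site
http_access deny all
cache_peer_access realweb allow published_site
cache_peer_access realweb deny all

# Behind the proxy every connection carries Squid's source address. Add
# X-Forwarded-For so alerts can be tied back to the original client.
forwarded_for on

# The Snort sensor listens on the segment between Squid and 10.0.0.10,
# for example (eth1 is an assumed interface name):
#   snort -i eth1 -c /etc/snort/snort.conf
```

Because the sensor only sees the proxy's address as the source, rules or post-processing that key on the client IP need to read the X-Forwarded-For header instead.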