Vulnerability Development: Re: SSL & IDS

Re: SSL & IDS

From: Blue Boar <BlueBoar_at_THIEVCO.COM>
Date: Fri, 1 Sep 2000 18:09:54 -0700

Ed Padin wrote:
>
> I don't know of any IDS systems that can decode SSL traffic on the fly. An
> IDS is just a smarter network sniffer. SSL and other encrypted protocols are
> used to prevent network sniffers from gleaning any information from network
> traffic. If there was an IDS that could read SSL traffic then SSL would be a
> joke.
>
I don't know of any that do this, but you could certainly build an IDS
that could decode SSL. You just have to share the web server's private key
with the IDS system. (The original poster wanted to monitor his own web
server.)

This shouldn't pose significantly more risk than having the private key
sitting on the web server itself or on an outboard SSL accelerator, which
you'll have to do if you want to serve SSL.

                                        BB
Received on Sep 02 2000
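The key-sharing approach in the reply above, as an added worked example that is not part of the original message or of any IDS product: a monitor that holds the web server's RSA private key decrypts the EncryptedPreMasterSecret from ClientKeyExchange and then runs the same TLS 1.0 derivation (RFC 2246 PRF: master secret, then key block) that the endpoints run, ending up with identical record keys. The program is standard-library Go and plays both the client and the monitor itself; the RSA key, the two nonces, the premaster secret and the key-block size for TLS_RSA_WITH_AES_128_CBC_SHA are all constructed inputs, and the struct and function names are this example's own. It only works because, with RSA key exchange, the premaster secret crosses the wire encrypted to the server's key; with DHE or ECDHE key exchange the private key alone recovers nothing, and a passive monitor needs per-session key export from the server instead.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/md5"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"fmt"
	"hash"
)

// Handshake holds what a passive monitor can read off the wire in an
// RSA-key-exchange TLS 1.0 handshake: the two nonces (sent in the clear in
// ClientHello/ServerHello) and the premaster secret from ClientKeyExchange,
// PKCS#1 v1.5-encrypted to the server's public key. Constructed for this example.
type Handshake struct {
	ClientRandom, ServerRandom []byte // 32 bytes each
	EncryptedPreMaster         []byte
}

// pHash is P_hash from RFC 2246 section 5: HMAC-based expansion of secret and
// seed to n bytes.
func pHash(h func() hash.Hash, secret, seed []byte, n int) []byte {
	var out []byte
	a := seed // A(0) = seed
	for len(out) < n {
		m := hmac.New(h, secret)
		m.Write(a)
		a = m.Sum(nil) // A(i) = HMAC_hash(secret, A(i-1))
		m = hmac.New(h, secret)
		m.Write(a)
		m.Write(seed)
		out = append(out, m.Sum(nil)...) // HMAC_hash(secret, A(i) + seed)
	}
	return out[:n]
}

// prf10 is the TLS 1.0/1.1 PRF: P_MD5 over the first half of the secret XORed
// with P_SHA1 over the second half (the halves overlap by one byte if odd).
func prf10(secret []byte, label string, seed []byte, n int) []byte {
	half := (len(secret) + 1) / 2
	labelSeed := append([]byte(label), seed...)
	out := pHash(md5.New, secret[:half], labelSeed, n)
	p2 := pHash(sha1.New, secret[len(secret)-half:], labelSeed, n)
	for i := range out {
		out[i] ^= p2[i]
	}
	return out
}

func concat(a, b []byte) []byte { return append(append([]byte{}, a...), b...) }

// deriveKeys turns the premaster secret plus the two public nonces into the
// master secret and the first n bytes of the key block (RFC 2246 sections 8.1
// and 6.3). Client and server both do this; so can anyone holding the premaster.
func deriveKeys(premaster, clientRandom, serverRandom []byte, n int) (master, keyBlock []byte) {
	master = prf10(premaster, "master secret", concat(clientRandom, serverRandom), 48)
	keyBlock = prf10(master, "key expansion", concat(serverRandom, clientRandom), n)
	return master, keyBlock
}

// RecoverKeys is the monitor side: given the server's private key (shared with
// the IDS, as the reply suggests) and the wire-visible handshake fields, it
// decrypts the premaster secret and derives exactly what the endpoints derived.
func RecoverKeys(serverKey *rsa.PrivateKey, hs Handshake, n int) (master, keyBlock []byte, err error) {
	pm, err := rsa.DecryptPKCS1v15(rand.Reader, serverKey, hs.EncryptedPreMaster)
	if err != nil {
		return nil, nil, err
	}
	if len(pm) != 48 { // 2 version bytes + 46 random bytes
		return nil, nil, fmt.Errorf("premaster secret is %d bytes, want 48", len(pm))
	}
	master, keyBlock = deriveKeys(pm, hs.ClientRandom, hs.ServerRandom, n)
	return master, keyBlock, nil
}

// Demo plays the client (fresh premaster secret encrypted to the server's public
// key), computes the endpoints' keys, then gives the monitor the private key and
// only the wire-visible fields. Returns whether the monitor's keys match.
func Demo() (bool, error) {
	serverKey, err := rsa.GenerateKey(rand.Reader, 2048) // stands in for the web server's key
	if err != nil {
		return false, err
	}
	hs := Handshake{ClientRandom: make([]byte, 32), ServerRandom: make([]byte, 32)}
	rand.Read(hs.ClientRandom)
	rand.Read(hs.ServerRandom)

	premaster := make([]byte, 48)
	premaster[0], premaster[1] = 3, 1 // client_version for TLS 1.0
	rand.Read(premaster[2:])
	hs.EncryptedPreMaster, err = rsa.EncryptPKCS1v15(rand.Reader, &serverKey.PublicKey, premaster)
	if err != nil {
		return false, err
	}
	// TLS_RSA_WITH_AES_128_CBC_SHA: two 20-byte MAC keys, two 16-byte keys, two 16-byte IVs.
	const keyBlockLen = 2*20 + 2*16 + 2*16
	endpointMaster, endpointKeys := deriveKeys(premaster, hs.ClientRandom, hs.ServerRandom, keyBlockLen)

	idsMaster, idsKeys, err := RecoverKeys(serverKey, hs, keyBlockLen)
	if err != nil {
		return false, err
	}
	return bytes.Equal(endpointMaster, idsMaster) && bytes.Equal(endpointKeys, idsKeys), nil
}

func main() {
	ok, err := Demo()
	fmt.Println("monitor derived the same keys as the endpoints:", ok, err)
}
```

Once the monitor has the key block it can decrypt and MAC-check records exactly as the server does, which is the whole point of the reply: the private key, not the traffic, is what protects an RSA-key-exchange session. The same fact is why sharing that key with an IDS adds little beyond the exposure already created by keeping it on the web server or an SSL accelerator, and why the approach stops working the moment the server negotiates a forward-secret key exchange.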
