Snort mailing list archives

Re: Encrypted sessions


From: Mike Shaw <mshaw () wwisp com>
Date: Tue, 27 Nov 2001 15:25:02 -0600

No network based IDS is going to be able to see a signature in an encrypted session of any kind. That goes for Snort or any commercial network IDS. If they could see encrypted traffic, so could any eavesdropper.

The vendor may be trying to sell you a host based IDS/integrity checker, in which case it's apples and oranges. Host based and network based IDS are two different animals, and should be used to complement, not replace, each other.

The vendor could also be conveniently omitting that their own NIDS doesn't work with encrypted traffic. The ol' Jedi mind trick.

-Mike

At 02:53 PM 11/27/2001 -0600, Ronneil Camara wrote:
How does snort deal with encrypted communication? Let's say I would like to
monitor an https connection to my web server, or we've got an encrypted
connection to another mail server. Would snort know about those attacks?

This is what the big vendor company mentioned to me about snort's
weakness.

Thanks.

Neil

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list
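
Added example, not part of the original messages: a content-signature match run over the same request as seen in cleartext on the wire, encrypted on the wire, and after decryption on the host. The signatures, request and key are constructed, and the SHA-256 keystream XOR is only a stand-in for the session cipher, not real cryptography.

```python
import hashlib

# Constructed content signatures, in the spirit of a NIDS rule's "content" option.
SIGNATURES = {
    "WEB /etc/passwd request": b"/etc/passwd",
    "WEB cmd.exe request": b"cmd.exe",
}

def match_signatures(payload: bytes) -> list[str]:
    """Return the names of all signatures whose bytes occur in the payload."""
    return [name for name, pattern in SIGNATURES.items() if pattern in payload]

def toy_stream_cipher(key: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256 counter keystream (same call encrypts and decrypts).
    Stand-in for the session cipher only; not real cryptography."""
    out = bytearray()
    for block in range(0, len(data), 32):
        keystream = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        chunk = data[block:block + 32]
        out.extend(b ^ k for b, k in zip(chunk, keystream))
    return bytes(out)

# Constructed sample request and session key.
REQUEST = (b"GET /cgi-bin/view?file=../../../etc/passwd HTTP/1.0\r\n"
           b"Host: www.example.com\r\n\r\n")
SESSION_KEY = b"constructed-session-key"

def network_sensor_view(wire_payload: bytes) -> list[str]:
    """A network sensor can only match on the bytes that cross the wire."""
    return match_signatures(wire_payload)

def host_sensor_view(wire_payload: bytes, key: bytes) -> list[str]:
    """A host-based check runs where the session key is held, after decryption."""
    return match_signatures(toy_stream_cipher(key, wire_payload))

if __name__ == "__main__":
    wire = toy_stream_cipher(SESSION_KEY, REQUEST)
    print("plain HTTP, network sensor:", network_sensor_view(REQUEST))
    print("encrypted,  network sensor:", network_sensor_view(wire))
    print("encrypted,  host sensor:   ", host_sensor_view(wire, SESSION_KEY))
```

The network sensor still sees that a session exists and how many bytes it carries; only the payload match is lost.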


