IDS mailing list archives
Re: Bittorrent - utorrent
From: Hari Sekhon <hpsekhon () googlemail com>
Date: Tue, 13 Mar 2007 15:20:04 +0000
does anyone understand how these products can inspect SSL?Perhaps I could understand if it was just the bitorrent encypted traffic... but surely SSL is designed to be encrypted end to end?
You'd have to intercept the certificate and replace it, prompting a warning to the user.
The only other way I can think of would be something like a cryptographic weakness in SSL or brute forcing it somehow, but this seems like it would take a ridiculous amount of computing power and just doesn't seem possible...
If SSL is truely decryptable on the fly in real-time in this way (or even just from packet captures after some effort) it would effectively render all e-business too dangerous to ever do again. I'd never buy another book from Amazon ever again!
Anyone care to explain how these products are supposed to work and if they really can decrypt SSL or if this is marketing speech for noticing encrypted patterns which isn't the same thing?
-h Hari Sekhon Kevin Overcash wrote:
Breach Security has a product called BreachView SSL that passively decrypts SSL traffic for an IDS without terminating the SSL session. The product comes as either a software plug-in or an appliance.http://www.breach.com/products_breachviewssl.aspI can't (although personally I haven't encrypted bitorrent so ko -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Panayiotis Psihoyios Sent: Thursday, March 08, 2007 10:01 AM To: 'Ove Dalgård Hansen'; focus-ids () securityfocus com Subject: RE: Bittorrent - utorrent Since it is going through SSL (and no IDS can look into SSL), you have two options:Plan A: Deny SSL traffic, but that usually this is not possible,Plan B: Let your users out through a proxy server, which will identify non-browser traffic using http/s header inspection. Configure your firewall to permit HTTP/S out only from your proxy and not your clients. Regards, Panayiotis -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Ove Dalgard Hansen Sent: Wednesday, March 07, 2007 9:38 PM To: focus-ids () securityfocus com Subject: Bittorrent - utorrent Hello Everyone, I am in a bit of trouble, On a network where i am configuring IDS - using ASA5510 + SSM module, we try to deny access to Bittorrent downloads - it consumes quite a bit of bandwith and is not allowed by the company's policy. We try to filter bittorrent which succedes - but the utorrent changes protocol and goes by the SSL port 443 and thereby circumvent the IDS, sinceits not possible to see the encrypted traffic.Does anyone out there have a good idea of how i am to solve the issue? Best Regards Ove HansenIT-Quality A/S Banemarksvej 50FDenmark - 2605 ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more.------------------------------------------------------------------------ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more.------------------------------------------------------------------------ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more.------------------------------------------------------------------------
------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more.
------------------------------------------------------------------------
Current thread:
- Bittorrent - utorrent Ove Dalgård Hansen (Mar 08)
- RE: Bittorrent - utorrent Panayiotis Psihoyios (Mar 09)
- RE: Bittorrent - utorrent dpat (Mar 12)
- RE: Bittorrent - utorrent Kevin Overcash (Mar 12)
- Re: Bittorrent - utorrent Fredrik Nordgren (Mar 13)
- Re: Bittorrent - utorrent Hari Sekhon (Mar 14)
- Re: Bittorrent - utorrent Stefano Zanero (Mar 14)
- Re: Bittorrent - utorrent Hari Sekhon (Mar 13)
- Re: Bittorrent - utorrent Tremaine Lea (Mar 14)
- Re: Bittorrent - utorrent jhori (Mar 14)
- Message not available
- Fwd: Bittorrent - utorrent kevin fielder (Mar 14)
- Re: Bittorrent - utorrent Robert Schwartz (Mar 14)
- Re: Bittorrent - utorrent Tremaine Lea (Mar 14)
- Re: WAS: Bittorrent - utorrent NOW: Certificate Talk Randal T. Rioux (Mar 19)
- Re: WAS: Bittorrent - utorrent NOW: Certificate Talk Tremaine Lea (Mar 19)
- RE: WAS: Bittorrent - utorrent NOW: Certificate Talk Erick Jensen (Mar 20)
- RE: Bittorrent - utorrent Panayiotis Psihoyios (Mar 09)
- Re: Bittorrent - utorrent Roland Turner (Security Focus) (Mar 14)