Snort mailing list archives

Re: Code Red and port 443 (was RE: Code Red HELP!!!!)


From: Erek Adams <erek () theadamsfamily net>
Date: Wed, 8 Aug 2001 10:13:16 -0700 (PDT)

On Wed, 8 Aug 2001, Mike Johnson wrote:

> If you were really this concerned about your SSL traffic, you've
> got a couple options.  You can buy one of Intel's (someone else may
> make them, as well) SSL accelerators that sit in front of your
> server.  It acts as the SSL endpoint and spits plain text out
> the back end to your web servers.  So, the traffic is protected
> across the big nasty Internet, but it's clear text to your
> web servers.  You would then put snort on the part of the network
> where the traffic is in clear text.  Your other option is to
> try something similar with stunnel.

Someone PLEASE correct me if I'm wrong but.....

SSL uses keys.  You should have the key to the servers you control.  Grab the
key.  You could then have a ssl-decode plugin that uses the key to decode the
traffic and then pass it thru snort.

Of course, I'm not a coder and I'm not a ssl person (at all!) so I might be
smokin' crack.  ;-)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net

