Snort mailing list archives

Re: Encrypted sessions

From: Fyodor <fygrave () tigerteam net>
Date: Thu, 29 Nov 2001 08:56:03 +0700

On Thu, Nov 29, 2001 at 09:25:59AM +0800, Ju Kong Fui wrote:

Rather than building decryption module into snort, I suggest to build a host
based "snort", using the same signature as the existing network based
"snort". Both host based and network based "snort" can log to the same log
repository and then report it using ACID or any other reporting
plug-in/tools.


What do you mean by 'host based snort'? Running snort on loopback and
having another process which would act as 'ssl accelerator'? (stunnel
could do that f.e.). The only thing which you won't be able to see here
is the actual source of offending requests, you'll have to analyse
stunnel logs for that.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Re: Encrypted sessions, (continued)
- - Re: Encrypted sessions Fyodor (Nov 27)
- Encrypted sessions Michael Scheidell (Nov 27)
- RE: Encrypted sessions Ronneil Camara (Nov 27)
- RE: Encrypted sessions Bob Walder (Nov 28)
  - RE: Encrypted sessions Abe L. Getchell (Nov 28)
- RE: Encrypted sessions Tom Sevy (Nov 28)
- RE: Encrypted sessions Chris Eidem (Nov 28)
- RE: Encrypted sessions Ju Kong Fui (Nov 28)
  - RE: Encrypted sessions Abe L. Getchell (Dec 03)
- RE: Encrypted sessions Ju Kong Fui (Nov 28)
  - Re: Encrypted sessions Fyodor (Nov 28)