Snort mailing list archives

Re: Commercial Advanced Packet Sniffers, how do they do this? Application signatures?


From: Jason Haar <Jason.Haar () trimble co nz>
Date: Sun, 24 Jan 2010 17:16:06 +1300

On 01/24/2010 09:40 AM, Jason Brvenik wrote:
> Snort itself has had these capabilities for a long time and they have
> been used for various purposes by all manner of folks.

Don't forget they all cannot handle SSL-based traffic directly - and
that still doesn't cover Skype. Exception: I know Bluecoat do a big
song-and-dance about their inline SSL support. You have to reconfigure
all software clients to either disable/ignore SSL hostname mismatches
(i.e. disable the "trusted" bit of SSL!), or create a Bluecoat CA and
dynamically generate new "fake" certs for every SSL server you access
(i.e. "trust" your Bluecoat admin won't steal your credit card).

I see Squid is working on similar technology too - interesting times...

When will we see inline Snort dynamically create fake server certs? ;-)

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

