El jue, 02 de 12 de 2004 a las 08:15, Daniel Hamburg escribiÃ:
Hello everybody,
Iâve been looking around the net for a while, trying to find some
theoretical and practical approaches to solve the
problem of analyzing encrypted traffic.
I know, that there is a need to decrypt the traffic before analyzing it, but
I havenât found any concrete solutions
neither for NIDS nor for HIDS yet. Some HIDS vendors announced that their
products are capable of analyzing encrypted
traffic, but I didnât succeed to find any details about that.
Does anybody know some products or papers which deal with the problem of
analyzing encrypted traffic?
Thanks in advance,
Daniel Hamburg
Some people have had success using an squid proxy with the certificates
to decrypt the SSL traffic before sending it to the real web servers
and use a snort box after the squid proxy to see the unencrypted
traffic.
You can also try ssltunnel to handle other protocols but it's more
complicated.
--
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÃA
The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
