Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security ISSForum
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ISSForum] RSSS and SSL traffic

from [Stephan Lüdorf] Network Security [Permanent Link]
Subject: Re: [ISSForum] RSSS and SSL traffic
Date: Fri, 9 Sep 2005 15:51:39 +0200 
Nick,

For network or server sensor?

If using network sensors a so called ssl-proxy is recommended. If a server 
sensor is in place it should be Apache on Microsoft for ssl-decryption.


Mit freundlichen Gruessen / Best regards,


Stephan Luedorf


-----Original Message-----
From: issforum-bounces@iss.net [mailto:issforum-bounces@iss.net] On Behalf Of 
Nicholas Cross
Sent: Sunday, August 28, 2005 11:37 PM
To: issforum; robert.sneddon@uk.fujitsu.com; simon.doyle@uk.fujitsu.com; Cross 
Nick
Subject: [ISSForum] RSSS and SSL traffic

* PGP Signed by an unknown key: 08/28/2005 at 10:37PM Can anyone answer the 
following?

How does the RSSS matches signatures to decrypted SSL traffic on say an apache 
server?

If the pam.TCPPORTS.http only contains 80 and not 443, does the engine ignore 
the decoded SSL traffic as it was heading for port 443, thus the signatures for 
HTTP_* are not parsed for that payload?

If i do something like this https://myserver.com/../../../../etc/passwd
i would expect to see either a DOT_DOT or PASSWORD signature event but i'm not. 
 What am i doing wrong?

Pointers to ISS white papers/docs would be good.

Cheers,

Nick.
* Unknown Key
* 0x1D0E138E (L)


_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.


*****************************************************************************
Probleme mit Spam Mails?
Glauben Sie, Ihr Viren- und Spam Schutz kostet Sie zuviel?
Dann testen Sie e:scan V3 powered by postini kostenlos mit unserer Trial 
Version!!

Mehr Infos unter:
http://www.integralis.de/services_managed_services_escan.php
*****************************************************************************

Please note that:
 
1. This e-mail may constitute privileged information. If you are not the 
intended recipient, you have received this confidential email and any 
attachments transmitted with it in error and you must not disclose, copy, 
circulate or in any other way use or rely on this information.
2. E-mails to and from the company are monitored for operational reasons and in 
accordance with lawful business practices.
3. The contents of this email are those of the individual and do not 
necessarily represent the views of the company.
4. The company does not conclude contracts by email and all negotiations are 
subject to contract.
5. The company accepts no responsibility once an e-mail and any attachments is 
sent.

http://www.integralis.com


_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Re: [ISSForum] RSSS and SSL traffic, Stephan Lüdorf <=
Previous by Date:  Re: [ISSForum] G400 blocked, Stephan Lüdorf
Next by Date:  [ISSForum] ARP Pisoning, etc., Soldatov, Sergey V.
Previous by Thread:  [ISSForum] Where find XPU_2_52.xml?, Matveev Konstantin
Next by Thread:  [ISSForum] ARP Pisoning, etc., Soldatov, Sergey V.
Indexes:  [Date] [Thread] [Top] [All Lists]