Re: sniffing SSL (was OT: mod_ssl (apache) log entries -- wtf?)
Will Trillich wrote:
> but the odd part is, they didn't just come in from the top (first uri was not /). it reflects either a) the result of a prior drill-down or 2) an exact echo of my previous request, but somehow coming from outside in the internet.

You may have already done this, but the first thing I would check is whether some interface somewhere on your LAN is misconfigured and set up as that MIT IP address. It seems unlikely that it's really coming from outside.

As far as it being an echo: sometimes strange things can happen due to apache misconfiguration; like when the page references an image, but due to proxying, redirection, mod-perl handling, etc., apache wants to reload the page instead. Check out those style sheet references from the root, for example.

Hmmm, makes me think the Apache machine itself may have that address configured somewhere...

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

sniffing SSL (was OT: mod_ssl (apache) log entries -- wtf?)
* sean finney ([EMAIL PROTECTED]) [030220 07:00]:
> you could find out for sure by running the packet sniffer of your choice and dumping the whole conversation to a log, and then look at what kind of data the client was sending. oh wait... https... nevermind. there's probably a way to turn up verbosity on apache then :)

Is there an easy way to decode a snarfed SSL session given that he has the server's private key? Theoretically it's possible, but I wonder if any of the popular sniffing/IDS tools facilitate it.

good times,
Vineet
--
http://www.doorstop.net/
--
http://www.debian.org/

Re: sniffing SSL (was OT: mod_ssl (apache) log entries -- wtf?)
Vineet Kumar said:
> Is there an easy way to decode a snarfed SSL session given that he has the server's private key? Theoretically it's possible, but I wonder if any of the popular sniffing/IDS tools facilitate it.

I believe dsniff can do this ... ??

nate

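Why the server's private key is enough in principle, as an added example that is not part of any message in this thread: in an RSA key exchange the client sends the premaster secret encrypted to the server's public key, so the key holder can derive the same master secret from a capture. It assumes TLS 1.0 (RFC 2246) with RSA key exchange; the toy key, the handshake values and all function names are constructed for the illustration.

```python
import hashlib, hmac, os

# Constructed toy RSA server key built from two Mersenne primes (demo only, not secure).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # the server's private exponent
K = (N.bit_length() + 7) // 8          # modulus length in bytes

def p_hash(alg, secret, seed, n):
    """P_hash from RFC 2246 section 5: HMAC-based expansion to n bytes."""
    out, a = b"", seed
    while len(out) < n:
        a = hmac.new(secret, a, alg).digest()
        out += hmac.new(secret, a + seed, alg).digest()
    return out[:n]

def tls10_prf(secret, label, seed, n):
    """TLS 1.0 PRF: P_MD5 over the first half of the secret XOR P_SHA1 over the second."""
    half = (len(secret) + 1) // 2
    md5 = p_hash(hashlib.md5, secret[:half], label + seed, n)
    sha = p_hash(hashlib.sha1, secret[-half:], label + seed, n)
    return bytes(x ^ y for x, y in zip(md5, sha))

def client_key_exchange(premaster):
    """Client side: PKCS#1 v1.5 pad the premaster secret and encrypt it to the server key."""
    pad = bytes(b % 255 + 1 for b in os.urandom(K - 3 - len(premaster)))  # nonzero bytes
    block = b"\x00\x02" + pad + b"\x00" + premaster
    return pow(int.from_bytes(block, "big"), E, N).to_bytes(K, "big")

def recover_master_secret(encrypted_premaster, client_random, server_random):
    """Holder of D: decrypt the captured ClientKeyExchange, then derive the master secret."""
    block = pow(int.from_bytes(encrypted_premaster, "big"), D, N).to_bytes(K, "big")
    if block[:2] != b"\x00\x02" or b"\x00" not in block[2:]:
        raise ValueError("not a PKCS#1 v1.5 encryption block")
    premaster = block[block.index(b"\x00", 2) + 1:]
    return tls10_prf(premaster, b"master secret", client_random + server_random, 48)

def demo():
    """Constructed handshake; returns (client's master secret, key holder's master secret)."""
    client_random, server_random = os.urandom(32), os.urandom(32)  # sent in the clear
    premaster = b"\x03\x01" + os.urandom(46)                       # chosen by the client
    on_the_wire = client_key_exchange(premaster)
    client_ms = tls10_prf(premaster, b"master secret", client_random + server_random, 48)
    return client_ms, recover_master_secret(on_the_wire, client_random, server_random)

if __name__ == "__main__":
    mine, theirs = demo()
    print("key holder derived the same master secret:", mine == theirs)
```

With ephemeral Diffie-Hellman cipher suites the premaster secret is never sent over the wire, so the server key alone does not recover the session keys.
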
Re: sniffing SSL (was OT: mod_ssl (apache) log entries -- wtf?)
On Thu, Feb 20, 2003 at 12:45:59PM -0800, Vineet Kumar wrote:
> Is there an easy way to decode a snarfed SSL session given that he has the server's private key? Theoretically it's possible, but I wonder if any of the popular sniffing/IDS tools facilitate it.

but the odd part is, they didn't just come in from the top (first uri was not /). it reflects either a) the result of a prior drill-down or 2) an exact echo of my previous request, but somehow coming from outside in the internet.

my lan is set up like this

    workstations 192.168.1.*
         |
    192.168.1.5 firewall 192.168.0.5
         |
    192.168.0.1 server 11.22.33.44
         |
      internet

my requests were encrypted (https) from 192.168.1.* and were directed to the public interface of the server box, but from inside the lan. no traffic ever crossed the server/internet threshold.

what gives?

--
I use Debian/GNU Linux version 3.0;
Linux server 2.4.20-k6 #1 Mon Jan 13 23:49:14 EST 2003 i586 unknown

DEBIAN NEWBIE TIP #113 from Sebastiaan [EMAIL PROTECTED] :
To CHANGE FROM FIXED TO DYNAMIC IP ADDRESS is simple: just edit /etc/network/interfaces and if eth0 is the interface to change, use:
    iface eth0 inet dhcp
That should work. See 'man interfaces' for more information.

Also see http://newbieDoc.sourceForge.net/ ...