Hey all,
So I'm going to try and get some visibility into tls traffic. Not
concerned with the sslbumping of the traffic, but what I DON'T know
what to do is what to do with the traffic once it's decrypted. This
squid machine runs IDS software as well, so my hope was to have the IDS
software list
On 27/09/2016 12:41 a.m., James Lay wrote:
> Hey all,
>
> So I'm going to try and get some visibility into tls traffic. Not
> concerned with the sslbumping of the traffic, but what I DON'T know
> what to do is what to do with the traffic once it's decrypted. This
> squid machine runs IDS softwar
On 2016-09-26 06:50, Amos Jeffries wrote:
On 27/09/2016 12:41 a.m., James Lay wrote:
Hey all,
So I'm going to try and get some visibility into tls traffic. Not
concerned with the sslbumping of the traffic, but what I DON'T know
what to do is what to do with the traffic once it's decrypted. Th
On 09/26/2016 05:41 AM, James Lay wrote:
> So I'm going to try and get some visibility into tls traffic. Not
> concerned with the sslbumping of the traffic, but what I DON'T know what
> to do is what to do with the traffic once it's decrypted. This squid
> machine runs IDS software as well, so my
On 2016-09-26 08:30, Alex Rousskov wrote:
On 09/26/2016 05:41 AM, James Lay wrote:
So I'm going to try and get some visibility into tls traffic. Not
concerned with the sslbumping of the traffic, but what I DON'T know
what
to do is what to do with the traffic once it's decrypted. This squid
m
On 09/26/2016 08:43 AM, James Lay wrote:
> So, from what I've read, it appears that
> squid sends the data to a listening ICAP/eCAP service, which in turn the
> IDS can access, depending on the IDS...is that about right?
Not exactly.
Yes, Squid sends the message to the adaptation service ("listen
On 2016-09-26 08:52, Alex Rousskov wrote:
On 09/26/2016 08:43 AM, James Lay wrote:
So, from what I've read, it appears that
squid sends the data to a listening ICAP/eCAP service, which in turn
the
IDS can access, depending on the IDS...is that about right?
Not exactly.
Yes, Squid sends the
On 09/26/2016 08:55 AM, James Lay wrote:
> any recommended open source ICAP/eCAP services that squid works well with?
You do not need an ICAP/eCAP service that Squid works well with. You
need an ICAP/eCAP service that integrates with your IDS. All production
ICAP/eCAP services are doing some speci
On 2016-09-26 10:40, Alex Rousskov wrote:
On 09/26/2016 08:55 AM, James Lay wrote:
any recommended open source ICAP/eCAP services that squid works well
with?
You do not need an ICAP/eCAP service that Squid works well with. You
need an ICAP/eCAP service that integrates with your IDS. All produc