[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: sniffing SSL (was OT: mod_ssl (apache) log entries -- wtf?)

On Thu, Feb 20, 2003 at 12:45:59PM -0800, Vineet Kumar wrote:
> Is there an easy way to decode a snarfed SSL session given
> that he has the server's private key?  Theoretically it's
> possible, but I wonder if any of the popular sniffing/IDS
> tools facilitate it.

but the odd part is, they didn't just come in from the top
(first uri was not "/"). it reflects either a) the result of a
prior drill-down or 2) an exact echo of my previous request, but
somehow coming from outside in the internet.

my lan is set up like this

	workstations
	192.168.1.*
	  |
	192.168.1.5
	firewall
	192.168.0.5
	  |
	192.168.0.1
	server
	11.22.33.44
	  |
	internet

my requests were encrypted (https) from 192.168.1.* and were
directed to the public interface of the server box, but from
inside the lan. no traffic ever crossed the server/internet
threshold. what gives?

-- 
I use Debian/GNU Linux version 3.0;
Linux server 2.4.20-k6 #1 Mon Jan 13 23:49:14 EST 2003 i586 unknown
 
DEBIAN NEWBIE TIP #113 from Sebastiaan <S.Breedveld@ITS.TUDelft.NL>
:
To CHANGE FROM FIXED TO DYNAMIC IP ADDRESS is simple:
just edit /etc/network/interfaces and if eth0 is the interface
to change, use:
	iface eth0 inet dhcp
That should work. See 'man interfaces' for more information.

Also see http://newbieDoc.sourceForge.net/ ...
Reply to: