-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Can anyone answer the following?
How does the RSSS matches signatures to decrypted SSL traffic on say an apache server? If the pam.TCPPORTS.http only contains 80 and not 443, does the engine ignore the decoded SSL traffic as it was heading for port 443, thus the signatures for HTTP_* are not parsed for that payload? If i do something like this https://myserver.com/../../../../etc/passwd i would expect to see either a DOT_DOT or PASSWORD signature event but i'm not. What am i doing wrong? Pointers to ISS white papers/docs would be good. Cheers, Nick. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD4DBQFDEi6JQzAslR0OE44RAiRoAJd6XN43lhQobLnMMLhC8tAZpWBtAJwMtg0r NGdbWdOGtBn/oTjCdfo+bA== =bS7A -----END PGP SIGNATURE----- _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
