Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [ISSForum] Abour Ssl Scanners And ISS Proventia
From: Soldatov, Sergey V. (SVSoldatovtnk-bp.com)
Date: Thu Jan 18 2007 - 08:34:00 CST
Yes, you're right. It is MITM: WebWasher (WW) generates cert for
destination site and send it to the client, so client thinks that WW is
Web-server. The trick here is that if WW's cert is issued by trusted CA,
client will not get any warnings.
Best regards, Sergey V. Soldatov.
Information security department.
tel/fax +7 495 745 89 50
tel +7 495 777 77 07 (1613)
> -----Original Message-----
> From: issforum-bouncesiss.net
> [mailto:issforum-bouncesiss.net] On Behalf Of Devrim Kalmaz
> Sent: Monday, September 25, 2006 1:58 PM
> To: issforumiss.net
> Subject: [ISSForum] Abour Ssl Scanners And ISS Proventia
> Hi all
> Webwasher has an ssl scanner and claims that it find viruses
> and spys in the https traffic.
> I can't find any document about how scanner can do that.
> I think it decr. the https and scan the data and then encr.
> it again with self CA trusted cert.So a kind of MITM attack.Is it so?
> And also ISS proventia has capability of analyze MITM attack
> but can proventia analyze ssl traffic (the same way of
> webwasher do or ?) to find attacks ?
> Devrim KALMAZ
> ISSForum mailing list
> TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
> To contact the ISSForum Moderator, send email to mod-issforumiss.net
> The ISSForum mailing list is hosted and managed by Internet
> Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
ISSForum mailing list
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to mod-issforumiss.net
The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.