[OpenIndiana-discuss] Who is trying to break in ?

David Brodbeck brodbd at uw.edu
Tue Jun 30 20:04:21 UTC 2015


On Mon, Jun 29, 2015 at 2:02 AM, Jim Klimov <jimklimov at cos.ru> wrote:

> Got no qualms about ssh (or openvpn) on port 443 - indeed, if one sets up
> something non-standard, gotta be ready for the consequences. And to all
> ids'es and sniffers, cryptotraffic looks much the same (different dynamic
> flow patterns may be discerned by the smarter filters out there though).
>

I think you underestimate sniffers and IDS's.  While it's true that
individual TCP packets in an encrypted stream may look the same, TLS and
SSH have very different initial negotiation routines. I've never
encountered a sniffer that did protocol identification and didn't know the
difference.

Now, distinguishing between two protocols that *both* use TLS would be more
difficult.

-- 
D. Brodbeck
System Administrator, Linguistics
University of Washington
GPG key fingerprint: 0DB7 4B50 8910 DBC5 B510 79C4 3970 2BC3 2078 D875
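
Added example, not part of the original message: a minimal sketch of the protocol identification described above, labelling a TCP stream from its first client bytes and reporting port-443 flows that do not open with a TLS handshake. The sample payloads, the flow tuples and the function names are constructed for illustration.

```python
import struct

# Constructed first client payloads, not captured traffic.
SSH_HELLO = b"SSH-2.0-OpenSSH_6.7\r\n"
# TLS record header (type 0x16 handshake, version 3.1, length 5) followed by
# the start of a handshake message of type 0x01 (ClientHello), truncated.
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])


def classify_first_payload(data: bytes) -> str:
    """Label the first bytes a client sends as 'ssh', 'tls' or 'unknown'."""
    # SSH (RFC 4253): each side opens with a cleartext identification line
    # "SSH-protoversion-softwareversion" before any encryption starts.
    if data.startswith(b"SSH-"):
        line = data.split(b"\n", 1)[0].rstrip(b"\r")
        fields = line.split(b"-", 2)
        if len(fields) == 3 and fields[1] in (b"2.0", b"1.99") and fields[2]:
            return "ssh"
        return "unknown"
    # TLS: a 5-byte record header (type, version, length), then the
    # handshake message type; a client's first message is a ClientHello.
    if len(data) >= 6:
        ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
        if (ctype == 0x16 and major == 0x03 and minor <= 0x04
                and 0 < length <= 16384 and data[5] == 0x01):
            return "tls"
    return "unknown"


def non_tls_on_443(flows):
    """Return (src, label) for flows to port 443 whose first payload is not TLS.

    flows: iterable of (src, dst_port, first_payload) tuples (assumed shape).
    """
    hits = []
    for src, dst_port, payload in flows:
        label = classify_first_payload(payload)
        if dst_port == 443 and label != "tls":
            hits.append((src, label))
    return hits


if __name__ == "__main__":
    sample = [("192.0.2.10", 443, TLS_HELLO), ("192.0.2.11", 443, SSH_HELLO)]
    print(non_tls_on_443(sample))
```

Two different protocols that both run inside TLS get the same "tls" label here, which is the harder case the message mentions.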

