Pfsense has DPI with SSL / TLS / SSH Decryption?
-
@gertjan said in Pfsense has DPI with SSL / TLS / SSH Decryption?:
Short answer which covers 99,9 % of all usage cases : No.
What the heck was the question?
-
@jknott said in Pfsense has DPI with SSL / TLS / SSH Decryption?:
@gertjan said in Pfsense has DPI with SSL / TLS / SSH Decryption?:
Short answer which covers 99,9 % of all usage cases : No.
What the heck was the question?
Not this :
@emmanuelsiqueira said in Pfsense has DPI with SSL / TLS / SSH Decryption?:
Pfsense has DPI with SSL / TLS and SSH Decryption?
The questions was edited.
It was more something like : "how to DPI with pfSense".Guess he's off watching some MITM youtube horrors. Wonder if he comes back.
-
What I always find funny.. Is users want to hide their shit.. ISP is spying on me.. I have to encrypt everything - even my dns.. Inside a tcp tunnel even.
If you thought it was so easy to decrypt tls/ssh - what good would you think all this encrypting all your traffic would do?
-
Let me know if I did well in my question?
Pfsense has Snort with OpenAppID, right?
Could we consider that Pfsense is a New Generation Firewall with security against ransomware or encrypted p2p connections? -
@johnpoz said in Pfsense has DPI with SSL / TLS / SSH Decryption?:
What I always find funny.. Is users want to hide their shit.. ISP is spying on me..
That's nonsense. Everyone, except Trump, knows it's the Russians spying on everyone.
I've also wondered why so many people are so paranoid. Maybe I should get into the tinfoil hat business.
-
@jknott said in Pfsense has DPI with SSL / TLS / SSH Decryption?:
I've also wondered why so many people are so paranoid
Not that they are paranoid - but that they are but think they can click a button and defeat the encryption.. If the encryption can be defeated/circumvented/broken/spied on - then its pretty useless encryption in the first place..
-
@johnpoz said in Pfsense has DPI with SSL / TLS / SSH Decryption?:
then its pretty useless encryption in the first place..
I hear ROT13 is really good.
-
@gertjan Let me know if I did well in my question?
Pfsense has Snort with OpenAppID, right?
Could we consider that Pfsense is a New Generation Firewall with security against ransomware or encrypted p2p connections? -
@emmanuelsiqueira said in Pfsense has DPI with SSL / TLS / SSH Decryption?:
Pfsense is a New Generation Firewall
pfSense is a router firewall based on FreeBSD. It uses "pf" (aha !) as it's firewall.
pf is for FreeBSD what 'iptables' is for Linux.pf (and iptables for that matter) handle Ethernet traffic, so called packets upon the headers of these packets. They do not access the data payload, which is our html page request, a part of an email, a VPN tunnel or whatever the pay load might be.
The security part is based on what can be done with these packet headers.
NOT the payload.I'm not a snort expert ( maybe @bmeeks has link which explains it all, as he explained everything already xx times here ) but I know that snort can't 'see' the app. It sees traffic, the packets. It should 'see' the data, the pay load, to 'know' what the traffic is all about == profiling it - or what people tend to say : OpenAppID.
So, I tend to say : no, no security, as the payload is not visible any more.
To no one.You might be able to filter on destination IP (the IP is part of the header) - or the URL used to access the IP (DNSBL based).
Again : a small Youtube session will tell you everything.
Snort, Squid and all alike are experts only tools.
@JKnott : Way to complex, go for the XOR method.
-
@gertjan said in Pfsense has DPI with SSL / TLS / SSH Decryption?:
pf (and iptables for that matter) handle Ethernet traffic, so called packets upon the headers of these packets.
Actually, it handles IP traffic, including IPv6. I'm sure it would work equally well on token ring or arcnet frames.