
Re: Re: Squid log details - HTTPS tunnel detection


On Tue 2007-05-29 at 00:18 +0800, Adrian Chadd wrote:

> Are there any fingerprint bits in the SSL exchange which would tell
> you it's at least SSL encrypted traffic, versus just traffic not tunneled
> inside SSL? That's probably a good starting point.

The initial hello message exchange isn't too hard to identify. But there
are a couple of different ones (SSLv2, SSLv3, TLS), and who knows what the
future revisions will look like..

One very trivial thing which doesn't require any payload inspection but
yet would block at least SSH, SMTP, POP and IMAP is to require the
client to send the first packet. The SSH protocols all start with the
client sending a hello message, while in most Internet application
protocols it's the server which sends the hello message..

Regards
Henrik
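
The two checks discussed in this message, recognising the initial hello (SSLv2, SSLv3/TLS) and requiring the client to send first, can be combined into one policy decision for a CONNECT tunnel. The sketch below is an added example, not code from this post or from Squid; the function names, verdict strings and sample byte strings are constructed for illustration.

```python
# Added illustration; function names and sample bytes are constructed.
TLS_HELLO = bytes.fromhex("160301002f0100002b0301")    # SSLv3/TLS record prefix
SSLV2_HELLO = bytes.fromhex("802e010301001500000010")  # SSLv2-format hello prefix
SSH_BANNER = b"SSH-2.0-OpenSSH_4.3\r\n"                # banner sent by a server

def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'sslv2', 'need-more' or 'not-ssl' for the client's first bytes."""
    if len(data) < 3:
        return "need-more"
    # SSLv3/TLS: record type 0x16 (handshake), major version 3, 2-byte length,
    # then handshake type 0x01 (ClientHello).
    if data[0] == 0x16 and data[1] == 0x03:
        if len(data) < 6:
            return "need-more"
        rec_len = int.from_bytes(data[3:5], "big")
        return "tls" if 0 < rec_len <= 2**14 and data[5] == 0x01 else "not-ssl"
    # SSLv2: 2-byte header with the high bit set, message type 1 (CLIENT-HELLO),
    # then version 0x0002 or 0x03xx (v2-format hello offering SSLv3/TLS).
    if data[0] & 0x80 and data[2] == 0x01:
        if len(data) < 5:
            return "need-more"
        msg_len = ((data[0] & 0x7F) << 8) | data[1]
        version_ok = data[3:5] == b"\x00\x02" or data[3] == 0x03
        return "sslv2" if msg_len >= 9 and version_ok else "not-ssl"
    return "not-ssl"

def decide(events):
    """events: (side, payload) tuples in arrival order; side is 'client' or 'server'."""
    buf = b""
    for side, payload in events:
        if side == "server":
            # Server data before a complete client hello: banner-style protocol.
            return "deny: server spoke first"
        buf += payload
        kind = classify_first_bytes(buf)
        if kind in ("tls", "sslv2"):
            return "allow: " + kind
        if kind == "not-ssl":
            return "deny: not-ssl"
    return "pending"  # nothing conclusive yet; keep the tunnel on hold

if __name__ == "__main__":
    print(decide([("client", TLS_HELLO)]))
    print(decide([("server", SSH_BANNER)]))
```
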


