Re: [loganalysis] Logging standards and such

From: Brian Hatch (loganalysisat_private)
Date: Wed Aug 15 2001 - 16:08:01 PDT


    > Why not https?  Why not SSH tunnels?  
    > 1) SSH tunnels are simpler to set up.
    > 2) SSH is more widely available (i.e. more likely to exist on a wider range
    > of systems)
    > 3) SSH isn't bound to the antiquated standards of data
    > transfer that are imposed by HTTPS.  Yes, implementing a
    > read/write packet-level protocol won't be as easy to
    > implement, but it could prove to be faster and more
    > portable.
    
    Wait, are you saying that you'd rather have your machines
    able to log into each other to set up an SSH tunnel rather
    than writing a protocol that uses SSL?  SSL != HTTPS.  Either
    the app could be SSL aware (best option) or you could set up
    an SSL tunnel with any of the various tools out there, such as
    
    	server$ stunnel -r 127.0.0.1:STANDARD_PORT -d SSL_PORT 
    	client$ stunnel -d 127.0.0.1:STANDARD_PORT -r server:SSL_PORT -c
    
    The client is configured to talk to 127.0.0.1 on the STANDARD_PORT,
    like it normally would.  However this connection is silently
    tunneled via SSL to the STANDARD_PORT on the server.  No HTTPS,
    mind you, just straight SSL.
    
    Now none of this requires that either machine can SSH to the other.
    That, in my mind, is a big plus.  And none of those stunnel commands
    need run as root unless you want STANDARD_PORT to be <1024.
    
    
    
    
    --
    Brian Hatch                Lead me not into temptation
       Systems and              I can find the way myself.
       Security Engineer
    www.hackinglinuxexposed.com
    
    Every message PGP signed
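
The "SSL aware" client side described in the message above, written as an added example that is not part of the original post or of stunnel: a small Python forwarder that accepts plaintext on 127.0.0.1 and relays it over TLS, verifying the server's certificate chain and hostname. The port numbers, the host name `loghost.example` and the `ca.pem` path are constructed stand-ins for STANDARD_PORT, server and SSL_PORT.

```python
import socket
import ssl
import threading

def client_context(cafile=None):
    """TLS context for the sending side: verify the chain and the hostname."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def pump(src, dst):
    """Copy bytes from src to dst until src hits EOF or either side fails."""
    total = 0
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
            total += len(chunk)
    except (OSError, ValueError):  # socket/TLS error, or peer socket closed
        pass
    return total

def relay(plain, tls):
    """Shuttle one connection both ways; close both when the sender is done."""
    threading.Thread(target=pump, args=(tls, plain), daemon=True).start()
    pump(plain, tls)
    for s in (tls, plain):
        s.close()

def tunnel(listen_port, server_host, ssl_port, cafile=None):
    """Accept plaintext on 127.0.0.1:listen_port, forward it over TLS."""
    ctx = client_context(cafile)
    with socket.create_server(("127.0.0.1", listen_port)) as lsock:
        while True:
            plain, _ = lsock.accept()
            try:
                raw = socket.create_connection((server_host, ssl_port), timeout=10)
                tls = ctx.wrap_socket(raw, server_hostname=server_host)
            except OSError as exc:  # refused, timed out, or certificate rejected
                print("upstream failed, dropping connection:", exc)
                plain.close()
                continue
            tls.settimeout(None)
            threading.Thread(target=relay, args=(plain, tls), daemon=True).start()

if __name__ == "__main__":
    # Constructed values standing in for STANDARD_PORT, server and SSL_PORT.
    tunnel(5140, "loghost.example", 6514, cafile="ca.pem")
```

If the certificate check fails, the local connection is dropped rather than forwarded, so log data never goes to an endpoint that could not prove its identity.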
    
    
    



    This archive was generated by hypermail 2b30 : Thu Aug 16 2001 - 08:37:57 PDT