Hello, and welcome!
I know little of tools like SSLBump. I understand the desire to control one's own systems, but deploying an intentional MITM attack against SSL as some sort of IDS seems like squashing a bug with an RPG. We are, of course, discussing a rootkit of the future.
And with a compromised system you've got many more worries than just choking off one C&C access path.
I wonder if Snort or another IDS can detect this type of usage. I don't use 'em any more, myself, as they seem to have way too many useless false positives.
Last edited by jggimi; 15th July 2013 at 04:44 PM.
Reason: typo, clarity