[jggimi]

Hello, and welcome!

I know little of tools like SSLBump. I understand the desire to control one's own systems, but deploying an intentional MITM attack against SSL as some sort of IDS seems like squashing a bug with an RPG. We are, of course, discussing a rootkit of the future.

And with a compromised system you've got many more worries than just choking off one C&C access path.

I wonder if Snort or another IDS can detect this type of usage. I don't use 'em any more, myself, as they seem to have way too many useless false positives.