[Oisf-devel] Features - ARP spoofing detection and SSL Decryption

Jerry jerry at cybercave.cz
Sun Nov 7 15:34:34 UTC 2010


Hi everybody,
we've given some thought with friends to Suricata, and I was 
unsure about the things mentioned in $SUBJECT.

Is there a feature in Suricata that's capable of detecting fast IP/MAC 
address changes - for example, detecting when someone uses ettercap 
and its man-in-the-middle capabilities in a network?

SSL Decryption - are you planning a feature that's going to be capable 
of introspecting SSL-encrypted traffic when you upload the server's 
private key to Suricata?

Thanks

Jerry

-- 
Defending network against intrusion is like trying to keep a squid inside a mesh bag. Question is, who will give up first :)



