Snort mailing list archives

RE: Antwort: RE: Snort-Machine = Security Hole?


From: "Crow, Owen" <Owen_Crow () bmc com>
Date: Thu, 12 Jul 2001 11:10:38 -0500

Lack of a default gateway is another obstacle, but not insurmountable if you
have root on the vulnerable box.  Most modern worms attempt multiple methods
of getting back to their masters, from direct connection to finding another,
better connected system to compromise.

All of the above rests on the possibility that an attacker can squeeze
enough instructions into a buffer overflow exploit to actively continue the
compromise despite being cut off from the Internet.  I haven't seen it yet,
but I'm sure we will in the next 5 years.

I agree cutting send wires protects from all known attacks.  I'm attempting
to protect against PFTF attacks (paranoid-fantasy, theoretical-future :).

Owen

-----Original Message-----
From: ks () schuricht de [mailto:ks () schuricht de]
Sent: Thursday, July 12, 2001 10:26 AM
To: snort-users () lists sourceforge net
Subject: Antwort: RE: [Snort-users] Snort-Machine = Security Hole?



Hi,

but how can a machine without a default gateway open a connection
to outer 'space'? And what if you also deny any outgoing packet from
the 'snort-machine' to the internet?

Seems impossible.

But what happens if they hack your front firewall? ;)

The best solution seems to be to cut the send wires of the snort-machine
from the cable connected to the DMZ ;)

Bye,
  Kai.
--
Abt. eBusiness / Entwicklung
D. Schuricht GmbH & Co. KG
http://www.schuricht.de
