Snort mailing list archives
RE: Antwort: RE: Snort-Machine = Security Hole?
From: "Crow, Owen" <Owen_Crow () bmc com>
Date: Thu, 12 Jul 2001 11:10:38 -0500
Lack of a default gateway is another obstacle, but not insurmountable if you have root on the vulnerable box. Most modern worms attempt multiple methods of getting back to their masters, from direct connection to finding another, better connected system to compromise. All of the above rests on the possibility that an attacker can squeeze enough instructions into a buffer overflow exploit to actively continue the compromise despite being cut off from the Internet. I haven't seen it yet, but I'm sure we will in the next 5 years. I agree cutting send wires protects from all known attacks. I'm attempting to protect against PFTF attacks (paranoid-fantasy, theoretical-future :). Owen -----Original Message----- From: ks () schuricht de [mailto:ks () schuricht de] Sent: Thursday, July 12, 2001 10:26 AM To: snort-users () lists sourceforge net Subject: Antwort: RE: [Snort-users] Snort-Machine = Security Hole? Hi, but how a machine without default gateway open a connection to outer 'space'. And, if you also deny any outgoing paket from the 'snort-machine' to internet ? Seems impossible. But what happens, if they hack your frontfirewall ? ;) Best solution seems to cut the sendwires from the snort-machine from the cable connected to the dmz ;) Bye, Kai. -- Abt. eBusiness / Entwicklung D. Schuricht GmbH & Co. KG http://www.schuricht.de _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Antwort: RE: Snort-Machine = Security Hole? ks (Jul 12)
- Re: Antwort: RE: Snort-Machine = Security Hole? Daniel Voyer (Jul 12)
- <Possible follow-ups>
- RE: Antwort: RE: Snort-Machine = Security Hole? Crow, Owen (Jul 12)
- Re: Antwort: RE: Snort-Machine = Security Hole? Ramin Alidousti (Jul 12)
- RE: Antwort: RE: Snort-Machine = Security Hole? Crow, Owen (Jul 12)
- Re: Antwort: RE: Snort-Machine = Security Hole? Ramin Alidousti (Jul 12)
- RE: Antwort: RE: Snort-Machine = Security Hole? Steve Hutchins (Jul 12)
- RE: Antwort: RE: Snort-Machine = Security Hole? Frank Knobbe (Jul 12)
- Re: Antwort: RE: Snort-Machine = Security Hole? Ramin Alidousti (Jul 12)