Snort mailing list archives
Snort-Machine = Security Hole?
From: "Davis, Scott" <Scott_Davis () troweprice com>
Date: Thu, 12 Jul 2001 12:24:16 -0400
I have set up very similar environments and agree there is minimal risk. Here is what I have:

- Snort running on Linux box with 2 interfaces, eth0 and eth1
- eth0 is 192.168.x.x, eth1 has no IP address
- eth1 is plugged into a hub outside firewall
- eth0 is plugged into switch inside my firewall
- firewall has rule to block any outbound traffic from IP address 192.168.x.x (eth0)

In this case, if any attacker sent a buffer overflow to my network, the Snort box would pick it up. Even if the attack caused the Snort box to open a connection back to the attacker's machine over eth0, the firewall would block the request.

The worst case would be the compromised Snort box *could* attack one of the boxes inside my network. But because I am a good security practitioner, I have a separate Snort box running on my internal network, all my boxes are patched against the latest attacks, and host-based IDS is running on those boxes.

Good security is layers; if any of my tools (router, firewall, IDS) are compromised, there should be other tools that protect the infrastructure.

Just my .02! All opinions welcome.

Thanks,
Scott Davis
Internet Security Specialist
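An added example, not part of the original post: a small audit of the layout described above, checking that the sniffing interface has no address and that the firewall's first decisive rule for the sensor's inside address is a block. It assumes the firewall is Linux iptables (the post does not say), that input is `ip -o -4 addr show` text and `iptables-save` style rules, and all addresses and rules are constructed.

```python
import ipaddress
import re

# Constructed sample data: the address and rules are illustrative only.
SAMPLE_ADDRS = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.10.5/24 brd 192.168.10.255 scope global eth0"""
RULES_GOOD = "-A FORWARD -s 192.168.10.5/32 -j DROP\n-A FORWARD -s 192.168.10.0/24 -j ACCEPT"
RULES_BAD = "-A FORWARD -s 192.168.10.0/24 -j ACCEPT\n-A FORWARD -s 192.168.10.5/32 -j DROP"

def iface_addrs(ip_output):
    """Map interface name -> IPv4 addresses, from `ip -o -4 addr show` text."""
    addrs = {}
    for line in ip_output.splitlines():
        m = re.match(r"\d+:\s+(\S+)\s+inet\s+(\S+)", line)
        if m:
            addrs.setdefault(m.group(1), []).append(ipaddress.ip_interface(m.group(2)).ip)
    return addrs

def forward_verdict(rules, src_ip):
    """First decisive FORWARD verdict for src_ip; rule order decides."""
    for line in rules.splitlines():
        parts = line.split()
        if parts[:2] != ["-A", "FORWARD"] or "-j" not in parts or "!" in parts:
            continue  # negated matches are not evaluated here
        src = parts[parts.index("-s") + 1] if "-s" in parts else "0.0.0.0/0"
        if src_ip not in ipaddress.ip_network(src, strict=False):
            continue
        target = parts[parts.index("-j") + 1]
        only_source_match = len(parts) == (6 if "-s" in parts else 4)
        if target == "ACCEPT":
            return "ACCEPT"  # some traffic from the sensor gets out first
        if target in ("DROP", "REJECT") and only_source_match:
            return target    # unconditional block for this source
    return None

def audit(ip_output, fw_rules, sniff="eth1", mgmt="eth0"):
    """Return a list of findings; an empty list means the layout holds."""
    findings = []
    addrs = iface_addrs(ip_output)
    if addrs.get(sniff):
        findings.append(f"{sniff} has an IP address; the tap side should have none")
    if not addrs.get(mgmt):
        findings.append(f"{mgmt} has no IPv4 address to check")
    for ip in addrs.get(mgmt, []):
        verdict = forward_verdict(fw_rules, ip)
        if verdict not in ("DROP", "REJECT"):
            findings.append(f"outbound from {ip} is not blocked (verdict: {verdict})")
    return findings
```

A block rule that sits below a broader ACCEPT, or that only covers one protocol, is reported as not blocking the sensor.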