Snort mailing list archives
RE: Snort-Machine = Security Hole?
From: Andreas Steinmetz <ast () domdv de>
Date: Fri, 13 Jul 2001 18:55:22 +0200 (CEST)
You should be careful to believe an ethernet interface with no ip address assigned will not process any packets. Try the following on linux 2.2.19 (possibly other versions, too, but I'm running this kernel on my production systems): Set up a network interface with no IP address. Use ipchains to deny and log all packets on this interface. Send a udp packet with destination address 255.255.255.255 to this interface and watch the firewall log. Or, if the kernel supports multicasts, send a multicast packet to this interface and watch the firewall log. In both cases the the firewall happily reports the packet was rejected on input (at least on my systems) which just means that without firewalling the kernel would have processed and delivered these packets even as there is no ip assigned to the interface. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort-Machine = Security Hole? Thorsten Ziegler (Jul 11)
- Re: Snort-Machine = Security Hole? Ramin Alidousti (Jul 11)
- Re: Snort-Machine = Security Hole? barre (Jul 11)
- Re: Snort-Machine = Security Hole? Daniel Voyer (Jul 12)
- Re: Snort-Machine = Security Hole? Dan Hollis (Jul 12)
- <Possible follow-ups>
- RE: Snort-Machine = Security Hole? Crow, Owen (Jul 12)
- Snort-Machine = Security Hole? Davis, Scott (Jul 12)
- RE: Snort-Machine = Security Hole? Burleson, Lee (IA) (Jul 12)
- Re: Snort-Machine = Security Hole? Daniel Voyer (Jul 12)
- RE: Snort-Machine = Security Hole? ks (Jul 12)
- RE: Snort-Machine = Security Hole? Andreas Steinmetz (Jul 13)
- RE: Snort-Machine = Security Hole? Robert D. Hughes (Jul 13)
- RE: Snort-Machine = Security Hole? Dan Hollis (Jul 13)
- RE: Snort-Machine = Security Hole? Hawrylkiw, Dan G (Jul 17)
- Re: Snort-Machine = Security Hole? Ramin Alidousti (Jul 11)