Snort mailing list archives
RE: brut force attack not detected
From: "Matthew Francis" <mf () in-tuition co uk>
Date: Thu, 26 Jul 2001 15:34:08 +0100
I've heard of this configuration a lot, but isn't it a security risk having one nic connected to the DMZ and another connected to the internal LAN? If someone were to compromise this system in the DMZ they would have access to your LAN without having to 'break' the firewall(s). I understand that you can harden the Snort box but it's still another way in.

-----
Matthew Francis
mf () in-tuition co uk
http://www.In-Tuition.co.uk

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Kiira Triea
Sent: 26 July 2001 15:10
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] brut force attack not detected

Hi everyone, I have a non configurable 8 port switch that we use for just a section that we separate from the rest of our network. How would I set that up to work as a monitor port?

rgds
Frank

Hi...

Well if you cannot mirror a range or all of the ports on that switch then a snort sensor can only see the traffic destined for its own nic - probably not too useful. Where does that switch uplink on your lan? If it is another switch you see the problem again.

Most switches do allow such a configuration - I have my DMZ zone boxes on a small Asante switch and I mirror all traffic to the 100 Mbit port where my snort sensor listens to eth1. The other nic is plugged into a LAN switch port which has mirrored the machines I need to sniff inside. I also sometimes break out groups of users onto a spare hub from the switch and plug in the snort nic there in order to diagnose problems.

HTH,
Kiira

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:
- brut force attack not detected Anthony Geoffron (Jul 25)
- RE: brut force attack not detected John Berkers (Jul 26)
- RE: brut force attack not detected Franki (Jul 26)
- Re: brut force attack not detected Kiira Triea (Jul 26)
- RE: brut force attack not detected Matthew Francis (Jul 26)
- Packet Motel (was: brut force attack not detected) Kiira Triea (Jul 26)
- RE: brut force attack not detected Franki (Jul 26)
- RE: brut force attack not detected John Berkers (Jul 26)
- <Possible follow-ups>
- RE: brut force attack not detected Paul Smith (Jul 26)
- RE: brut force attack not detected Graeme Fowler (Jul 26)