Snort mailing list archives
Packet Motel (was: brut force attack not detected)
From: Kiira Triea <kiira-t () mail bsasinc org>
Date: Thu, 26 Jul 2001 13:59:01 -0400 (EDT)
Matthew Francis wrote:
I've heard of this configuration a lot, but isn't it a security risk having one NIC connected to the DMZ and another connected to the internal LAN? If someone were to compromise this system in the DMZ they would have access to your LAN without having to 'break' the firewall(s). I understand that you can harden the Snort box but it's still another way in.
It would be a bad thing if that NIC had an IP on it. In Linux you can ifconfig an interface as "up" simply, no IP, and it will then not be visible. There was some discussion that this could be a security hole as well, though it seems an "acceptable" risk right now.

I have made eth1 a read-only interface by using a PCI NIC which has an AUI port... get an AUI cable - a good one with a metal shell which comes apart - and remove Tx pins 3 and 10. Then Snort can snarf but cannot be anti-sniffed or snafu'ed.

Hmmm... I saw a cute little appliance-size (7cm x 25cm x 29cm) box (cheap too, $250) with everything integrated on the MB, that would take a 1 gig flipchip and an extra PCI riser slot for a NIC. Someone should sell these with the one-way interface in it configured as a sensor, and various configurations of sensors and IDS control console. Call it the "Snort-O-Matic 9000 - where packets check in but they don't check out!"

Well, maybe not.

Kiira
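The "up, no IP" sensor interface Kiira describes, as an added shell example that is not part of the original post or of Snort itself: it uses iproute2's `ip` instead of ifconfig (assuming a current Linux host) and also disables IPv6 on the port, because an interface that is merely brought up still acquires an fe80:: link-local address and will answer neighbour discovery on it. The interface name and the sample `ip -o addr` lines are constructed; the AUI pin-cutting is a hardware step and is not reproduced here.

```shell
#!/bin/sh
# Added example (not from the original post): make a Linux interface a
# capture-only sensor port in the spirit of "ifconfig up, no IP".
# Assumes iproute2 and sysctl are available; IFACE is a parameter.

# Emit the commands that turn IFACE into a silent capture port.
# Printed rather than executed so the list can be reviewed (and tested)
# without root; run `stealth_iface_cmds eth1 | sh` as root to apply.
stealth_iface_cmds() {
    iface="$1"
    cat <<EOF
ip addr flush dev $iface
sysctl -w net.ipv6.conf.$iface.disable_ipv6=1
ip link set dev $iface arp off multicast off
ip link set dev $iface promisc on up
EOF
}

# Verify from a captured `ip -o addr show dev IFACE` listing that the
# interface carries no inet or inet6 address at all (an empty listing
# or link-only line passes; any address line fails).
has_no_address() {
    ! printf '%s\n' "$1" | grep -Eq '[[:space:]]inet6?[[:space:]]'
}
```

A sensor port configured this way still emits nothing only if the driver and any bridging on the host are also silent; the physical receive-only cable in the post is the stronger guarantee.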
Current thread:
- brut force attack not detected Anthony Geoffron (Jul 25)
- RE: brut force attack not detected John Berkers (Jul 26)
- RE: brut force attack not detected Franki (Jul 26)
- Re: brut force attack not detected Kiira Triea (Jul 26)
- RE: brut force attack not detected Matthew Francis (Jul 26)
- Packet Motel (was: brut force attack not detected) Kiira Triea (Jul 26)
- RE: brut force attack not detected Franki (Jul 26)
- RE: brut force attack not detected John Berkers (Jul 26)
- <Possible follow-ups>
- RE: brut force attack not detected Paul Smith (Jul 26)
- RE: brut force attack not detected Graeme Fowler (Jul 26)