Snort mailing list archives
RE: firewalling snort machine
From: "McCammon, Keith" <Keith.McCammon () eadvancemed com>
Date: Thu, 21 Feb 2002 16:58:33 -0500
To follow up the previous response, you WANT two interfaces. If I can find out the IP address of your sensor, I can attempt to interfere and/or disable the system at that address. Or, even worse, I can attempt to flat out compromise the system! So instead, we use a second interface without an IP address, so that simply knocking down the box is not an option for an attacker. Then you use the other interface (with an IP) on an unreachable, internal network for system management.

To answer your follow-up questions:

1) I would highly recommend that you rethink this. It is generally considered to be a VERY BAD practice to make your most critical security systems available to the outside world. You just don't do it. Use an internal interface for management. Your sensor should never be visible, in any fashion, to the outside world. It should see without being seen.

2) You could, and it would not affect Snort's operation. However, I recommend that you read item 1.

Cheers

Keith

-----Original Message-----
From: Basil Saragoza [mailto:snortlst () hotmail com]
Sent: Thursday, February 21, 2002 4:36 PM
To: Erek Adams
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] firewalling snort machine

Maybe I miss something here, but:
1. I want to be able to that machine over the internet to connect via https.
2. Why can't I just firewall it and leave only 443 open?
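
The layout described in the message above (a sniffing interface with no address, management on an internal-only interface) can be checked on a Linux sensor. This is an added example, not part of the original post; the interface names eth0/eth1, the function name and the sample `ip -j addr show` output are assumptions constructed for illustration.

```python
import ipaddress
import json

# Constructed sample of `ip -j addr show` output (iproute2 JSON), trimmed to the
# fields used here. Assumed names: eth0 = management, eth1 = sniffing.
SAMPLE = json.dumps([
    {"ifname": "lo", "flags": ["LOOPBACK", "UP"],
     "addr_info": [{"family": "inet", "local": "127.0.0.1", "prefixlen": 8}]},
    {"ifname": "eth0", "flags": ["BROADCAST", "UP"],
     "addr_info": [{"family": "inet", "local": "10.20.0.5", "prefixlen": 24}]},
    {"ifname": "eth1", "flags": ["BROADCAST", "PROMISC", "UP"],
     "addr_info": [{"family": "inet6", "local": "fe80::a00:27ff:fe4e:66a1",
                    "prefixlen": 64}]},
])


def audit_sensor(ip_json, sniff_if, mgmt_if):
    """Return a list of findings; an empty list means the layout matches."""
    links = {link["ifname"]: link for link in json.loads(ip_json)}
    findings = []

    sniff = links.get(sniff_if)
    if sniff is None:
        findings.append(f"{sniff_if}: interface not found")
    else:
        if "UP" not in sniff.get("flags", []):
            findings.append(f"{sniff_if}: link is down, sensor sees nothing")
        # Any address, including an autoconfigured IPv6 link-local one,
        # makes the sniffing interface addressable from the monitored wire.
        for a in sniff.get("addr_info", []):
            findings.append(f"{sniff_if}: has address {a['local']}/{a['prefixlen']}")

    mgmt = links.get(mgmt_if)
    addrs = mgmt.get("addr_info", []) if mgmt else []
    if not addrs:
        findings.append(f"{mgmt_if}: no management address configured")
    for a in addrs:
        ip = ipaddress.ip_address(a["local"])
        # Private/link-local space is only a proxy for "internal"; whether the
        # network is actually unreachable from outside depends on routing.
        if not (ip.is_private or ip.is_link_local):
            findings.append(f"{mgmt_if}: {ip} is a publicly routable address")
    return findings


if __name__ == "__main__":
    for finding in audit_sensor(SAMPLE, "eth1", "eth0"):
        print(finding)
```

On the constructed sample the only finding is the IPv6 link-local address on eth1, which Linux assigns automatically when a link is brought up unless IPv6 is disabled on that interface.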