Snort mailing list archives
Re: Attack on snort running in Public Zone
From: MH <procana () insight rr com>
Date: Fri, 14 Nov 2003 22:04:31 -0500
Hi KS, If you assign a routable address to your snort sensor, it will be directly exposed to all the things any other system on the Internet are exposed to (including (D)DOS attacks). All of the *external* sensors that I have deployed run OpenBSD with very restrictive pf rulesets. I would never recommend that anyone put an ms system outside of a firewall especially with a *live* ip address. Then again, I wouldn't recommend anyone put an ms system inside of a firewall either ;) Is it necessary that you assign an ip address to your external sensor? You might want to consider not binding any address. Hope this helps, Mike On Mon, Nov 10, 2003 at 08:48:11PM +0530, KS wrote:
Helllo Everybody. I have snort running on win2k and it is working fine so far.I had placed it in DMZ to monitor the malicious traffic passing through firewall and Now i want to put another snort win2k system in Public zone i.e in between my router and firewall so i can know which traffic is actually hitting the outside interface of my firewall. My concern is : Since my snort system ( win2k ) is gonna be on public IP address , what will happen if somebody runs a Denial of service attack on my snort system itself. How can i be sure that my snort system running on win2k is safe from DOS attack ? Thanks KS
------------------------------------------------------- This SF. Net email is sponsored by: GoToMyPC GoToMyPC is the fast, easy and secure way to access your computer from any Web browser or wireless device. Click here to Try it Free! https://www.gotomypc.com/tr/OSDN/AW/Q4_2003/t/g22lp?Target=mm/g22lp.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Attack on snort running in Public Zone KS (Nov 14)
- RE: Attack on snort running in Public Zone KS (Nov 14)
- Re: RE: Attack on snort running in Public Zone james (Nov 14)
- Re: RE: Attack on snort running in Public Zone Scot Scot (Nov 14)
- RE: RE: Attack on snort running in Public Zone Michael Steele (Nov 14)
- RE: RE: Attack on snort running in Public Zone kanwal (Nov 14)
- RE: RE: Attack on snort running in Public Zone james (Nov 16)
- RE: RE: Attack on snort running in Public Zone james (Nov 16)
- RE: RE: Attack on snort running in Public Zone james (Nov 17)
- Re: RE: Attack on snort running in Public Zone james (Nov 14)
- RE: Attack on snort running in Public Zone KS (Nov 14)
- RE: RE: Attack on snort running in Public Zone Michael Steele (Nov 14)
- RE: Attack on snort running in Public Zone Lucretia Enterprises Administrator (Nov 18)
- RE: Attack on snort running in Public Zone Michael Steele (Nov 18)
- AG M.D. DeWar (Nov 18)
- Re: AG GDHough (Nov 18)
- Re: Attack on snort running in Public Zone Matt Kettler (Nov 18)
- <Possible follow-ups>
- RE: Attack on snort running in Public Zone Geoff Craig (Nov 14)
- RE: Attack on snort running in Public Zone Aaron (Nov 17)
- RE: Attack on snort running in Public Zone bmcdowell (Nov 18)
- Message not available
- RE: Attack on snort running in Public Zone Matt Kettler (Nov 18)
- Message not available