Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Attack on snort running in Public Zone

From: Jason Haar <Jason.Haar () trimble co nz>
Date: Wed, 19 Nov 2003 13:03:12 +1300
On Wed, 2003-11-19 at 12:43, Matt Kettler wrote:

In a box with only one NIC, connected to a hardware tap with no send 
capabilities, even the best case for an exploiter would leave them limited 
to making changes to the snort box itself.. ie: they could load code to 
delete files, call for shutdown, etc.


Nah - you're forgetting that the box is almost guaranteed to have a
management port too... So they break in, then tunnel back out to
themselves via the operational eth0/whatever.

Of course, a firewall in front, yada, yada...

Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1




-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: