Snort mailing list archives

hi


From: westlake <westlake2012 () videotron ca>
Date: Tue, 30 Sep 2014 00:32:53 -0400

Hi, I'm new to snort and would like an opinion on how secure is a snort 
sensor itself? Has there ever been a compromise of a snort sensor? By 
having a sensor on a hypervisor I'll prevent wasting cpu instead of 
allocating sensors for each VM. The hypervisor main network interface 
where all traffic is inbound from the internet will not have any IP 
address on it which imho makes it ideal for snort (though it can be 
reachable through a secondary tap device Private IP network which is 
connected to one of the VMs). I couldn't find information on this type 
of setup, so I'm wondering what else I could be missing without getting 
too fussy about it. If this seems too risky of an exploit and specially 
crafted packet that can compromise a snort sensor then I guess this 
isn't the way for me to use it. If it is not possible to compromise a 
sensor then I don't see any harm using it this way but I can't find any 
information about this.  I suppose it's like saying is it possible to 
"attack" tcpdump while it is scanning packets, most likely not, but I 
just want to know if anybody knows of any exploits and whether or not 
this is actually a safe way to implement snort.  If I shouldn't use 
snort like this then I guess I will have no choice but to implement 
snort in each VM and go the longer route for the safest setup. I hope 
someone understands what I'm going after, not snort rules, and a lot 
of configuration setups that can be done with it, but something more 
substantial to the security of its installation.

thanks
