Snort mailing list archives
hi
From: westlake <westlake2012 () videotron ca>
Date: Tue, 30 Sep 2014 00:32:53 -0400
Hi, I'm new to snort and would like an opinion on how secure a snort sensor itself is. Has there ever been a compromise of a snort sensor?

By having a sensor on a hypervisor I'll prevent wasting CPU instead of allocating sensors for each VM. The hypervisor's main network interface, where all traffic is inbound from the internet, will not have any IP address on it, which IMHO makes it ideal for snort (though it can be reachable through a secondary tap device private IP network which is connected to one of the VMs).

I couldn't find information on this type of setup, so I'm wondering what else I could be missing without getting too fussy about it. If this seems too risky of an exploit and a specially crafted packet can compromise a snort sensor, then I guess this isn't the way for me to use it. If it is not possible to compromise a sensor then I don't see any harm using it this way, but I can't find any information about this.

I suppose it's like saying is it possible to "attack" tcpdump while it is scanning packets, most likely not, but I just want to know if anybody knows of any exploits and whether or not this is actually a safe way to implement snort. If I shouldn't use snort like this then I guess I will have no choice but to implement snort in each VM and go the longer route for the safest setup.

I hope someone understands what I'm going after: not snort rules and the many configuration setups that can be done with it, but something more substantial to the security of its installation.

Thanks