Snort mailing list archives
Re: firewalling snort machine
From: "Basil Saragoza" <snortlst () hotmail com>
Date: Thu, 21 Feb 2002 16:35:31 -0500
Maybe I'm missing something here, but:

1. I want to be able to connect to that machine over the internet via https.
2. Why can't I just firewall it and leave only 443 open?

----- Original Message -----
From: "Erek Adams" <erek () theadamsfamily net>
To: "Basil Saragoza" <snortlst () hotmail com>
Cc: <snort-users () lists sourceforge net>
Sent: Thursday, February 21, 2002 3:55 PM
Subject: Re: [Snort-users] firewalling snort machine

> On Thu, 21 Feb 2002, Basil Saragoza wrote:
>
> > I have a snort machine exposed to the internet (connected to our internet
> > switch, it monitors traffic going to the firewall public nic). Is it safe to
> > install a firewall on the snort machine and disable ALL incoming traffic to
> > the snort machine from the internet? Will it affect snort functionality?
> > (My guess would be it won't, 'cause snort sniffs packets from the switch and
> > it is not dependent on internet connectivity, but I just want to make sure
> > that my guess is correct.) thx.
>
> As others have said, use 2 nics. The other emails are pretty clear on how/why
> to do that, so I won't rehash that.
>
> BUT--Just to be overly paranoid, use a R/O cable on the connection that
> doesn't have an IP. Just because there isn't a way to exploit it that is
> currently known, does _not_ mean there isn't one. Consider this: Standard
> OSI model has 7 layers. IP is Layer 3, physical is Layer 1. If you stop them
> at Layer 1, there's even less risk than ever.
>
> But--Some switches and hubs don't do so well with R/O cables. One method that
> seems to work fairly well is this one:
>
> http://personal.ie.cuhk.edu.hk/~msng0/sniffing_cable/index.htm
>
> YMMV!
>
> -----
> Erek Adams
> Nifty-Type-Guy
> TheAdamsFamily.Net

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
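
The layout discussed in this thread (a sniffing NIC with no IP address plus a management NIC with only 443 open), sketched as an added example that is not part of the original messages. The interface names, the use of Linux iptables, and the `sensor_ruleset` helper are assumptions for illustration; on Linux, libpcap receives frames before the INPUT chain is evaluated, so the DROP rules do not change what Snort sees.

```shell
#!/bin/sh
# Added example (not from the thread). Emits an iptables-restore ruleset for a
# two-NIC Snort sensor. Interface names are assumptions passed as arguments.
#   $1 = management NIC (has an IP address, reachable over HTTPS only)
#   $2 = sniffing NIC   (link up, promiscuous, no IP address)
#
# Hypothetical deployment steps, run as root with eth0/eth1 as assumed names:
#   ip addr flush dev eth1                 # sniffing side carries no address
#   ip link set dev eth1 up promisc on
#   sensor_ruleset eth0 eth1 | iptables-restore
sensor_ruleset() {
    mgmt_if=$1
    sniff_if=$2
    # Refuse missing names, and refuse one NIC doing both jobs: the thread's
    # advice is to keep sniffing and management on separate interfaces.
    if [ -z "$mgmt_if" ] || [ -z "$sniff_if" ] || [ "$mgmt_if" = "$sniff_if" ]; then
        echo "usage: sensor_ruleset MGMT_IF SNIFF_IF (two different NICs)" >&2
        return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $sniff_if -j DROP
-A INPUT -i $mgmt_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $mgmt_if -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Print the ruleset when called with two interface names, e.g. "sh sensor.sh eth0 eth1".
if [ "$#" -eq 2 ]; then
    sensor_ruleset "$1" "$2"
fi
```

Nothing addressed to the host itself is accepted on the sniffing interface, and the only new inbound connections accepted on the management interface are to TCP 443.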