Snort mailing list archives
RE: Snort with three interfaces attached to diferent network segment
From: "Mike Feetham" <mike.feetham () percepta-crm com>
Date: Wed, 18 Jun 2003 14:34:02 -0400
If you want to be 100% sure your Snort machine doesn't route traffic then you will have to power it off. Since that's not very pratical for IDS, the next best option is to NOT configure IP addresses on any of your promiscuous interfaces. That's still not perfect, but it's much harder to hack what you can't see. -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of artiman () cable net co Sent: Wednesday, June 18, 2003 2:03 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Snort with three interfaces attached to diferent network segment Hi Folks, I have the following question, I just have one machine to monitor the activity on three diferent network segments (Redhat 9), so I plan to to install 3 NIC on the snort machine, setup the interfaces on promiscous mode without IP information and start to listen each segment, I'm kinda worried for the security implications because I'm creating a physcial path between the Internet, DMZ and MZ zones, so in theory there is a small probablity of bypass the Firewall using the snort machine. Can somebody explain what is the risk that I'm facing using this architecture, How can I make sure 100% that the Linux will not route packet between different segments, In wich ways a Hacker can exploit my network ??? thanks Artiman ------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort with three interfaces attached to diferent network segment artiman (Jun 18)
- RE: Snort with three interfaces attached to diferent network segment Mike Feetham (Jun 18)
- Re: Snort with three interfaces attached to diferent network segment Erek Adams (Jun 18)
- Re: Snort with three interfaces attached to diferent network segment Bennett Todd (Jun 18)
- Re: Snort with three interfaces attached to diferent network segment Craig Paterson (Jun 18)