Snort mailing list archives
Re: snort on router - risks?
From: Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>
Date: Mon, 18 Aug 2003 18:22:16 +0200
Hi, Marcus Schopen wrote:
Hi,
[...]
So my question: what are the risks to set up snort on the gateway-router instead of using a seperate snort host? Is that insecure? And why?
Basically one should run as few services as possible on a system directly connected to the internet. Snort 1.9 was remotely exploitable. Security measures may become a target of an attack as well. As far as I'm concerned in this case it is a acceptable limited risk which is always there - no matter if you have a separate IDS machine or using for ex. the packet filter. Maybe slightly increased in the latter case. Because Snort is intentionally getting packets before a packet packet filter can take them out, there is no protection for it. That's simply the way it is. In a such small environment ;) - where deployment costs should be held as low as possible I would pay more attention on services that are directly reachable over the internet - if you offer some. Snort will however remain a target, a small one, though. If someone takes over the IDS machine there is one level more to hack in order to reach your protected network. But if the guy only wants to use your IDS machine for his own purposes he is not interested in breaking in your network. If your packet filter with IDS onboard is being hacked, then much worse things may happen. It is always a question of cost-benefit-factor unfortunatelly you have to calculate for yourself. ;) Regards, Edin
Thanks Marcus
-- Edin Dizdarevic ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort on router - risks? Marcus Schopen (Aug 18)
- Re: snort on router - risks? Bennett Todd (Aug 18)
- Re: snort on router - risks? Marcus Schopen (Aug 18)
- Re: snort on router - risks? twig les (Aug 18)
- Re: snort on router - risks? Edin Dizdarevic (Aug 18)
- Re: snort on router - risks? Ravi (Aug 18)
- Re: snort on router - risks? Bennett Todd (Aug 18)