Snort mailing list archives

Re: Attack on snort running in Public Zone


From: MH <procana () insight rr com>
Date: Fri, 14 Nov 2003 22:04:31 -0500

Hi KS,

If you assign a routable address to your snort sensor, it will
be directly exposed to all the things any other system on the Internet
is exposed to (including (D)DOS attacks).
All of the *external* sensors that I have deployed 
run OpenBSD with very restrictive pf rulesets.  I would
never recommend that anyone put an ms system outside
of a firewall especially with a *live* ip address.
Then again, I wouldn't recommend anyone put an ms system
inside of a firewall either ;)

Is it necessary that you assign an ip address to your external
sensor?  You might want to consider not binding any address.

Hope this helps,
Mike

On Mon, Nov 10, 2003 at 08:48:11PM +0530, KS wrote:
Hello Everybody.

I have snort running on win2k and it is working fine so far. I had placed it in DMZ to monitor the malicious traffic
passing through firewall and now I want to put another snort win2k system in Public zone, i.e. in between my router and
firewall, so I can know which traffic is actually hitting the outside interface of my firewall.
My concern is: Since my snort system (win2k) is gonna be on public IP address, what will happen if somebody runs
a Denial of service attack on my snort system itself?
How can I be sure that my snort system running on win2k is safe from DOS attack?
 
Thanks
KS

