Re: Attack on snort running in Public Zone

["crtech" <crtech () hot rr com>]

I run snort on a Win2k box.  I have placed it outside our network so that we may see what is trying to get in.  In the 
future we plan to add one to the inside.  (We are just learning right now)  When I installed the OS on this box I made 
sure that I had all the patches and updates.  I also tried to look everything down that I could come up with.  The 
final protection was that I did not assign that NIC an IP address.  It can not send anything so it is my understanding 
that it will not be able to be hacked.


Lynn
  ----- Original Message ----- 
  From: KS 
  To: snort-users () lists sourceforge net 
  Sent: Monday, November 10, 2003 9:18 AM
  Subject: [Snort-users] Attack on snort running in Public Zone


  Helllo Everybody.

  I have snort running on win2k and it is working fine so far.I had placed it in DMZ to monitor the malicious traffic 
passing through firewall and Now i want to put another snort win2k system in Public zone i.e in between my router and 
firewall so i can know which traffic is actually hitting the outside interface of my firewall. 
  My concern is :  Since my snort system ( win2k ) is gonna be on public IP address , what will happen if somebody runs 
a Denial of service attack on my snort system itself.  
  How can i be sure that my snort system running on win2k is safe from DOS attack ?

  Thanks
  KS