Snort mailing list archives
RE: Attack on snort running in Public Zone
From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 19 Nov 2003 11:16:49 -0500
At 07:00 PM 11/18/2003, Lucretia Enterprises Administrator wrote:
> To bring this back on conversation, the original question was to avoid a DDoS attack...

(trimming the to: list to just the list itself)

Actually, the topic of this thread was to avoid a DoS attack against the snort box, not a DDoS.
Since an overflow exploit in snort itself could result in a DoS attack against the snort box, it's certainly relevant to this discussion that any claims that a "stealth" interface with no IP address will not provide protection against that form of DoS. It also won't provide absolute protection from general exploitation of the box.
Technically nothing short of unplugging the snort box entirely can absolutely protect it against all kinds of DoS attacks, but it's worth knowing what your level of risk is and how to minimize it.
Stealth interfaces, one-way-taps, using a secured configuration of the OS of your choice, and utilizing snort's ability to chroot/setuid (on platforms that support chroot and setuid) are all ways to minimize the level of risk, by limiting the kinds of attack that will be effective, and reducing the scope of damage that can be done. This general concept is just as applicable to DoS scenarios as full exploit scenarios, and DoS's are even more difficult to protect against.