[Snort-users] PHP4 advisory... ACID?

Bill Marquette wlmarque at ...8...
Tue Jan 23 11:30:22 EST 2001



Not to say that someone might not do this, but I fail to see why anyone in their
right mind would put their IDS management outside of their private network let
alone NOT password protect or at least filter it.  Not to mention I've seen very
few (0) web servers with dual NICs.  The advisory is a good reminder however
that we can't forget that our IDS management servers (those of us running ACID)
are running web processes that need to be secured.

--Bill




From: Steve Halligan <agent33 at ...187...> on 01/23/2001 09:53 AM

To:   "'Dave Ryan'" <dave at ...1192...>
cc:   snort-users at lists.sourceforge.net
Client:
Subject:  RE: [Snort-users] PHP4 advisory... ACID?



You could do something like this (now for some ascii art :))

         OUTSIDE WORLD

 unnumbered int    numbered int
    ______            _______
    |     |          |      |
    |snort|          | acid |
    |     |          |      |
    |_____|          |______|
    10.0.0.1         10.0.0.2
       |_________________|
               |
               |
           10.0.0.3
           ________
           |       |
           | mysql |
           |_______|

Or something like this...


> -----Original Message-----
> From: Dave Ryan [mailto:dave at ...1192...]
> Sent: Tuesday, January 23, 2001 9:08 AM
> To: Steve Halligan
> Cc: 'Dave Ryan'; snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] PHP4 advisory... ACID?
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> >
> > Who says that your acid box is the same as your snort box? Your snort box
> > can still be invisible to the outside world at the same time your acid box
> > has an outward facing interface.
> maybe you mean "internal facing", nonetheless quite true.
>
> I guess I was just making the point of keeping snort->db
> traffic and ACID retrieval on a private network. Sorry for
> the confusion.
>
> rgds,
> Dave.
> - --
> Dave Ryan                   Default Security
> http://www.default.org.uk/~dave        dave at ...1192...
>
> GnuPG Key:      http://www.default.org.uk/~dave/gpgkey.asc
> Fingerprint:    F418 C882 FF03 82A0 A99A  2720 669C E8C3 44B8 2A0F
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.4 (OpenBSD)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE6bZ4+Zpzow0S4Kg8RAjH7AJ0d/x6gTKG4p1LhvIfPTpN7EffwuwCeJt1v
> fc+pJv3LjrJtHFocLuc6Vj8=
> =WV5L
> -----END PGP SIGNATURE-----
>
