[Snort-users] firewalling snort machine

Basil Saragoza snortlst at ...125...
Thu Feb 21 13:37:02 EST 2002


Maybe I'm missing something here, but:
1. I want to be able to connect to that machine over the internet via https.
2. Why can't I just firewall it and leave only 443 open?

----- Original Message -----
From: "Erek Adams" <erek at ...577...>
To: "Basil Saragoza" <snortlst at ...125...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Thursday, February 21, 2002 3:55 PM
Subject: Re: [Snort-users] firewalling snort machine


> On Thu, 21 Feb 2002, Basil Saragoza wrote:
>
> > I have a snort machine exposed to the internet (connected to our internet
> > switch, it monitors traffic going to the firewall public nic). Is it safe to
> > install firewall on snort machine and disable ALL incoming traffic to snort
> > machine from the internet? Will it affect snort functionality? (My guess
> > would be it won't 'cause snort sniffs packets from the switch and it is not
> > dependent on internet connectivity, but I just want to make sure that my
> > guess is correct) thx.
>
> As others have said, use 2 nics.  The other emails are pretty clear on how/why
> to do that, so I won't rehash that.
>
> BUT--Just to be overly paranoid, use a R/O cable on the connection that
> doesn't have an IP.  Just because there isn't a way to exploit it that is
> currently known, does _not_ mean there isn't one.  Consider this: Standard
> OSI model has 7 layers.  IP is Layer 3, physical is Layer 1.  If you stop them
> at Layer 1, there's even less risk than ever.
>
> But--Some switches and hubs don't do so well with R/O cables.  One method that
> seems to work fairly well is this one:
>
> http://personal.ie.cuhk.edu.hk/~msng0/sniffing_cable/index.htm
>
> YMMV!
>
> -----
> Erek Adams
> Nifty-Type-Guy
> TheAdamsFamily.Net
>
>
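
An added example, not written by either poster: a sketch of the two-NIC setup discussed in this thread, with a management NIC that accepts only inbound HTTPS and a capture NIC that has no IP address. On Linux, libpcap reads frames from a packet socket ahead of netfilter, so the DROP rules do not stop Snort from seeing traffic on the capture port. The interface names eth0 and eth1 and the choice of iptables and iproute2 are assumptions, and the rules complement the receive-only cable rather than replace it.

```shell
#!/bin/sh
# Added example: host firewall for a two-NIC Snort sensor.
# Assumed names: MGMT carries the IP address and the HTTPS console,
# SNIFF is the address-less capture port on the internet switch.

valid_if() {
    # Linux interface names are at most 15 chars; allow a safe set only.
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Print an iptables-restore ruleset; this function applies nothing.
sensor_ruleset() {
    mgmt=$1 sniff=$2
    valid_if "$mgmt" && valid_if "$sniff" && [ "$mgmt" != "$sniff" ] || return 1
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $sniff -j DROP
-A OUTPUT -o $sniff -j DROP
-A INPUT -i $mgmt -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $mgmt -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Print the commands that leave the capture port up but unaddressed.
sniff_if_setup() {
    valid_if "$1" || return 1
    printf 'ip addr flush dev %s\n' "$1"
    printf 'ip link set dev %s arp off promisc on up\n' "$1"
}

# Dry run with constructed interface names. To apply, pipe the ruleset
# into "iptables-restore" as root and run the printed ip commands.
sensor_ruleset eth0 eth1
sniff_if_setup eth1
```

Apply the ruleset from the console or with a rollback timer the first time, since a mistake in the management interface name locks out the HTTPS session.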



