[Snort-users] firewalling snort machine
snortlst at ...125...
Thu Feb 21 13:37:02 EST 2002
Maybe I'm missing something here, but:
1. I want to be able to connect to that machine over the internet via https.
2. Why can't I just firewall it and leave only 443 open?
----- Original Message -----
From: "Erek Adams" <erek at ...577...>
To: "Basil Saragoza" <snortlst at ...125...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Thursday, February 21, 2002 3:55 PM
Subject: Re: [Snort-users] firewalling snort machine
> On Thu, 21 Feb 2002, Basil Saragoza wrote:
> > I have a snort machine exposed to the internet (connected to our
> > switch, it monitors traffic going to the firewall public nic). Is it
> > install firewall on snort machine and disable ALL incoming traffic to
> > machine from the internet? Will it affect snort functionality? (My guess
> > would be it won't cause snort sniffs packets from the switch and it is
> > dependent on internet connectivity, but I just want to make sure that my
> > guess is correct) thx.
> As others have said, use 2 nics. The other emails are pretty clear on
> how to do that, so I won't rehash that.
> BUT--Just to be overly paranoid, use a R/O cable on the connection that
> doesn't have an IP. Just because there isn't a way to exploit it that is
> currently known, does _not_ mean there isn't one. Consider this:
> OSI model has 7 layers. IP is Layer 3, physical is Layer 1. If you stop
> at Layer 1, there's even less risk than ever.
> But--Some switches and hubs don't do so well with R/O cables. One method
> that seems to work fairly well is this one:
> Erek Adams