[Snort-users] firewalling snort machine
erek at ...577...
Thu Feb 21 14:15:01 EST 2002
On Thu, 21 Feb 2002, Basil Saragoza wrote:
> Maybe I miss something here, but:
> 1.I want to be able to that machine over the internet to connect via https.
Ummm... This is a 'Bad Thing(tm)'. If you do something like that, you're
exposing your sensor to the public. Consider this: You don't expose
_yourself_ to just anyone! :) Having a visable sensor on the 'net is just
begging to have problems. One good syn flood and your sensor is useless. You
can't connect and it can't see anything. Your best bet is to put 2 nics in
the machine, make nic0 IPless with a R/O cable, then make nic1 connect to the
internal admin lan. Then connect thru your firewall to the admin net, and
then to the snort box for admininstration--if it has to be done from the 'net.
> 2. Why can't I just firewall it and leave only 443 open?
See #1. :)
Again, these are only ideas and opinions. They are not written in stone....
More information about the Snort-users