[Snort-users] ask about hack program to go through the firewall

Jon Quiros jquiros at ...6668...
Thu Sep 19 06:24:02 EDT 2002


ardi,
some thoughts from a non-expert:

ardi wrote:

> Hi all...
> First of all I wanna give a picture of the situation I
> have here.. right now i have a firewall between my
> local network and the internet, and my snort box is
> before the firewall and after the firewall.
> I wanna test how hard the snort can detect the hacking
> programs, but i don't know much about hacking programs
> out there.

big topic.  there are many attacks, and more to come.  some of them snort,
or any IDS, won't know about.  that's why signatures are updated and it's
very helpful to contribute to snort-sigs.

>
> So i just wanna ask if there is someone here that can
> give me a clue to find the hacking program to attack
> the firewall so i can go through to my local network.
> I'm doing this just for my experiment on my final
> assignment at my university.
>
> My point here is do we need an IDS if the firewall is
> strong enough to block the attack..??

just like many attacks (most actually) occur from the inside, many
attacks occur over paths/connections that the firewall allows in and
must allow in for public services you wish to offer.

from what i understand, i can think of one firewall strong enough to
block any attack.  except it's not a firewall.  really, it would mean
being disconnected from what you wish to protect things from.  picture a
firewall with no power (ac or dc), or a cleanly cut ethernet cable in a
single critical data path, but if you've got that 100% fully functional
and secure firewall setting going I'd say you've got other problems :)
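An added example (not part of the original post or of Snort itself) that makes the "allowed-in paths" point concrete for the two-sensor layout ardi describes. The flows, the port policy and the two simplified byte-pattern signatures are all constructed for the demo; the function and signature names are hypothetical and not Snort rule names. It shows that a port-based firewall passes anything addressed to the public web service, so the sensor behind the firewall only ever alerts on traffic the firewall already let through, while the sensor in front also sees what was dropped.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One inbound connection attempt (constructed sample, not a real capture)."""
    src: str
    dst_port: int
    payload: bytes


# Constructed firewall policy: only the public web service is reachable from outside.
ALLOWED_PORTS = frozenset({80, 443})

# Constructed, simplified content signatures in the spirit of an IDS rule set
# (hypothetical names, not Snort's): each is matched against the payload.
SIGNATURES = (
    ("WEB-MISC directory traversal attempt", b"../"),
    ("WEB-MISC /etc/passwd access", b"/etc/passwd"),
)


def firewall_allows(flow):
    """A port-based filter decides on the destination port only, never on content."""
    return flow.dst_port in ALLOWED_PORTS


def ids_alerts(flow):
    """Return the names of every signature whose pattern occurs in the payload."""
    return [name for name, pattern in SIGNATURES if pattern in flow.payload]


def sensor_views(flows):
    """Model the two snort boxes: the outside sensor inspects every flow, the
    inside sensor only those the firewall forwarded. Each alert is recorded as
    (source, destination port, signature name)."""
    outside, inside = [], []
    for flow in flows:
        for name in ids_alerts(flow):
            outside.append((flow.src, flow.dst_port, name))
            if firewall_allows(flow):
                inside.append((flow.src, flow.dst_port, name))
    return outside, inside


# Constructed sample traffic (documentation-range addresses, no real hosts).
SAMPLE_FLOWS = [
    # telnet probe: dropped by the firewall, matches no signature
    Flow("203.0.113.5", 23, b"\xff\xfb\x18"),
    # ordinary request to the public web server: allowed, benign
    Flow("203.0.113.5", 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    # same allowed port, but the payload matches both signatures
    Flow("203.0.113.9", 80, b"GET /../../etc/passwd HTTP/1.0\r\n\r\n"),
    # identical payload to a closed port: the firewall drops it, only the
    # outside sensor sees it
    Flow("203.0.113.9", 8080, b"GET /../../etc/passwd HTTP/1.0\r\n\r\n"),
]


if __name__ == "__main__":
    before, after = sensor_views(SAMPLE_FLOWS)
    print("outside sensor:", len(before), "alerts")
    print("inside sensor: ", len(after), "alerts")
    for src, port, name in after:
        print(f"  passed the firewall: {src} -> :{port}  [{name}]")
```

Run as-is to see that the inside sensor reports only the two alerts on port 80; the firewall did exactly what its policy said and still forwarded a payload the IDS signatures flag, which is why the two layers answer different questions rather than replacing each other.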