[Snort-users] Snort with three interfaces attached to different network segment
mike.feetham at ...9502...
Wed Jun 18 11:35:05 EDT 2003
If you want to be 100% sure your Snort machine doesn't route traffic
then you will have to power it off. Since that's not very practical for
an IDS, the next best option is to NOT configure IP addresses on any of
your promiscuous interfaces. That's still not perfect, but it's much
harder to hack what you can't see.
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of
artiman at ...9501...
Sent: Wednesday, June 18, 2003 2:03 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort with three interfaces attached to different
Hi Folks, I have the following question: I have just one machine to
monitor the activity on three different network segments (Redhat 9), so
I plan to install 3 NICs on the snort machine, set up the interfaces
in promiscuous mode without IP information and start to listen on each
segment. I'm kinda worried about the security implications because I'm
creating a physical path between the Internet, DMZ and MZ zones, so
in theory there is a small probability of bypassing the firewall using
the snort machine.
Can somebody explain what risk I'm facing using this
architecture? How can I make sure 100% that Linux will not route
packets between different segments? In which ways can a hacker exploit
my network?
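
The two conditions this thread turns on (no addresses on the sniffing interfaces, no forwarding between segments) can be audited from the sensor itself. The following is an added example, not part of the original messages: it assumes the one-line output format of iproute2's `ip -o addr show` and the Linux sysctls `net.ipv4.ip_forward` and `net.ipv6.conf.all.forwarding`; the interface names, addresses and sample values are constructed.

```python
import re

# Constructed sample of `ip -o addr show` on a hypothetical sensor whose
# sniffing NICs are eth0, eth1 and eth2 (eth1 has no address, so no line).
SAMPLE_ADDR = (
    "1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever\n"
    "2: eth0    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth0\\       valid_lft forever preferred_lft forever\n"
    "4: eth2    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link \\       valid_lft forever preferred_lft forever\n"
)
# Constructed sysctl values, as they would be read from /proc/sys/net/...
SAMPLE_SYSCTL = {"net.ipv4.ip_forward": "1", "net.ipv6.conf.all.forwarding": "0"}

ADDR_LINE = re.compile(r"^\d+:\s+(\S+)\s+(inet6?)\s+(\S+)")


def addresses_by_interface(ip_addr_output):
    """Map interface name -> list of (family, address/prefix)."""
    found = {}
    for line in ip_addr_output.splitlines():
        m = ADDR_LINE.match(line)
        if m:
            found.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    return found


def audit_sensor(ip_addr_output, sysctl, sniff_ifaces):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    addrs = addresses_by_interface(ip_addr_output)
    for iface in sniff_ifaces:
        # Any address counts, including an auto-assigned IPv6 link-local one,
        # which an interface can pick up even with no IPv4 configured.
        for family, addr in addrs.get(iface, []):
            findings.append(f"{iface}: has {family} address {addr}")
    for key in ("net.ipv4.ip_forward", "net.ipv6.conf.all.forwarding"):
        # A missing value is treated as a finding rather than assumed safe.
        if sysctl.get(key, "").strip() != "0":
            findings.append(f"{key} is not 0 (forwarding enabled or unknown)")
    return findings


if __name__ == "__main__":
    for finding in audit_sensor(SAMPLE_ADDR, SAMPLE_SYSCTL, ["eth0", "eth1", "eth2"]):
        print("FINDING:", finding)
```

On a live sensor, feed the function the real command output and sysctl values instead of the constructed samples.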