[Snort-users] Snort with three interfaces attached to different network segment

Erek Adams erek at ...950...
Wed Jun 18 11:54:11 EDT 2003

On Wed, 18 Jun 2003 artiman at ...9501... wrote:

> Hi Folks, I have the following question, I just have one machine to
> monitor the activity on three different network segments (Redhat 9), so
> I plan to install 3 NICs on the snort machine, set up the interfaces
> in promiscuous mode without IP information and start to listen on each
> segment. I'm kinda worried about the security implications because I'm
> creating a physical path between the Internet, DMZ and MZ zones, so
> in theory there is a small probability of bypassing the Firewall using
> the snort machine.
> Can somebody explain what is the risk that I'm facing using this
> architecture? How can I make sure 100% that the Linux will not route
> packets between different segments? In which ways can a Hacker exploit
> my network ???

Three things:

	* Taps.
	* Stealth interfaces (interfaces with no IP).
	* Read only cables.

All mentioned in the Handy-Dandy FAQ! [0] It slices, It dices, It even can
keep you warm at night!  ;-)

Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

[0]	http://www.snort.org/docs/FAQ.txt
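Added example, not part of the thread or of the Snort FAQ: a POSIX shell script that sets up a sniffing NIC as a "stealth interface" (promiscuous, no IP, ARP off, IPv6 autoconf off so no fe80:: link-local address appears), turns off kernel forwarding host-wide, and then audits the result so the "will Linux route between segments?" question can be answered from the box itself. Interface names (eth1, eth2) and the sample ip/sysctl output are constructed placeholders; the apply path assumes Linux with iproute2, procps sysctl and iptables and needs root.

```shell
#!/bin/sh
# Stealth-interface setup and audit for a multi-homed Snort sensor.
# Added illustration for this thread; eth1/eth2 and all sample text are constructed.

# sysctl keys a sniff-only host must have, as key=value (constructed list).
REQUIRED_SYSCTLS='net.ipv4.ip_forward=0
net.ipv6.conf.all.forwarding=0
net.ipv4.conf.all.send_redirects=0'

# stealth_up IFACE: bring a sniffing NIC up with no address and no forwarding.
# Runs real commands, so it is only invoked via "--apply" below.
stealth_up() {
    iface=$1
    sysctl -w net.ipv4.ip_forward=0
    sysctl -w net.ipv6.conf.all.forwarding=0
    sysctl -w "net.ipv6.conf.$iface.disable_ipv6=1"   # otherwise the kernel adds fe80::/64
    ip addr flush dev "$iface"                         # drop any leftover address
    ip link set dev "$iface" up promisc on arp off     # arp off: never answer ARP on the tap
    iptables -P FORWARD DROP                           # belt and braces beside ip_forward=0
}

# is_stealth "$(ip addr show dev IFACE)": succeed only if the interface is in
# promiscuous mode and carries no inet or inet6 address at all.
is_stealth() {
    printf '%s\n' "$1" | grep -q 'PROMISC' || return 1
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*inet6? ' && return 1
    return 0
}

# audit_sysctls "$(sysctl -a)": print every required key that is missing or
# wrong and return non-zero if any is.
audit_sysctls() {
    bad=0
    for kv in $REQUIRED_SYSCTLS; do
        key=${kv%%=*}
        want=${kv#*=}
        have=$(printf '%s\n' "$1" | sed -n "s/^$key = //p")
        if [ "$have" != "$want" ]; then
            echo "MISMATCH $key: want $want, have ${have:-unset}"
            bad=1
        fi
    done
    return $bad
}

# Constructed sample output (not from a real host) of 'ip addr show dev eth1'
# for a correctly configured stealth NIC ...
SAMPLE_STEALTH='2: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff'
# ... and of a NIC that is promiscuous but still addressed (the IPv6 line is
# what you get when disable_ipv6 was forgotten), which is the bypass path.
SAMPLE_ADDRESSED='3: eth2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:11:22:33:44:66 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth2
    inet6 fe80::211:22ff:fe33:4466/64 scope link'

# Constructed 'sysctl -a' excerpts: one compliant, one with forwarding on.
SAMPLE_SYSCTL_GOOD='net.ipv4.ip_forward = 0
net.ipv6.conf.all.forwarding = 0
net.ipv4.conf.all.send_redirects = 0'
SAMPLE_SYSCTL_BAD='net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 0
net.ipv4.conf.all.send_redirects = 0'

# Usage:  ./stealth.sh --apply eth1 eth2     (as root)
#         ./stealth.sh --audit eth1 eth2
case "${1:-}" in
    --apply)
        shift
        for i in "$@"; do stealth_up "$i"; done ;;
    --audit)
        shift
        for i in "$@"; do
            if is_stealth "$(ip addr show dev "$i")"; then
                echo "$i: stealth OK"
            else
                echo "$i: NOT stealth"
            fi
        done
        audit_sysctls "$(sysctl -a 2>/dev/null)" && echo "sysctls OK" ;;
esac
```

The audit half is what answers the poster's "100%" worry: an interface with no address and ARP off is not a next hop for anyone, and with ip_forward=0 plus a DROP policy on FORWARD the kernel has no path to move a frame from one NIC to another even if an address slips back on. Run the audit from cron so a later configuration change on the sensor shows up rather than silently re-joining the segments.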

