[Snort-users] Snort with three interfaces attached to different network segment
erek at ...950...
Wed Jun 18 11:54:11 EDT 2003
On Wed, 18 Jun 2003 artiman at ...9501... wrote:
> Hi Folks, I have the following question, I just have one machine to
> monitor the activity on three different network segments (Redhat 9), so
> I plan to install 3 NICs on the snort machine, set up the interfaces
> in promiscuous mode without IP information and start to listen to each
> segment. I'm kinda worried about the security implications because I'm
> creating a physical path between the Internet, DMZ and MZ zones, so
> in theory there is a small probability of bypassing the Firewall using
> the snort machine.
> Can somebody explain what risk I'm facing using this
> architecture? How can I make sure 100% that Linux will not route
> packets between different segments? In which ways can a hacker exploit
> my network?
* Stealth interfaces (interfaces with no IP).
* Read only cables.
All mentioned in the Handy-Dandy FAQ!  It slices, It dices, It even can
keep you warm at night! ;-)
"When things get weird, the weird turn pro." H.S. Thompson
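A way to check the two conditions raised in this thread (no kernel routing between segments, and sniffing interfaces that carry no IP address) is sketched below as an added example; it is not part of the original posts or of the Snort FAQ. The function name `audit_sensor`, the interface names `eth0` to `eth3` (with `eth0` assumed to be a separate management NIC) and the sample `ip -o addr show` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a multi-segment Snort sensor for the two conditions
# raised in the thread. Interface names and sample data are constructed.

# audit_sensor FWD "IF1 IF2 ..."   (stdin: output of `ip -o addr show`)
#   FWD is the content of /proc/sys/net/ipv4/ip_forward.
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_sensor() {
    fwd=$1 sniff=$2 rc=0
    if [ "$fwd" != "0" ]; then
        echo "FAIL: net.ipv4.ip_forward=$fwd, kernel may route between segments"
        rc=1
    fi
    # Each `ip -o addr` line: "<idx>: <ifname> <family> <addr>/<len> ..."
    # An interface with no address at all produces no line.
    while read -r _idx ifname family addr _rest; do
        for s in $sniff; do
            [ "$ifname" = "$s" ] || continue
            case $family in
                # inet6 catches the fe80:: link-local address Linux assigns
                # automatically when an interface is brought up.
                inet|inet6)
                    echo "FAIL: $ifname has $family address $addr"
                    rc=1 ;;
            esac
        done
    done
    if [ "$rc" -eq 0 ]; then
        echo "OK: forwarding off, sniffing interfaces unaddressed"
    fi
    return "$rc"
}

# Constructed sample: eth0 = management NIC, eth1..eth3 = sniffing NICs.
SAMPLE='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
3: eth1    inet6 fe80::a00:27ff:fe00:1/64 scope link'

# Demo on the sample (two findings: forwarding on, eth1 addressed).
printf '%s\n' "$SAMPLE" | audit_sensor 1 "eth1 eth2 eth3" || true

# On a live sensor:
#   ip -o addr show | audit_sensor "$(cat /proc/sys/net/ipv4/ip_forward)" "eth1 eth2 eth3"
```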