[Snort-users] RE: Attack on snort running in Public Zone
scotw at ...125...
Fri Nov 14 18:48:20 EST 2003
It is not necessary to assign an IP address to the interface snort is
monitoring; uncheck all the bound components on your ethernet adapter. I
would recommend slapping a second NIC in your sensor and monitoring it from
the backend on a private network.
Also, you may want to consider using a Tap device for true passive
monitoring; they run between $400-$500 US dollars. The OS (regardless of
what platform), the sensor engine, and the planet earth will always be
vulnerable to DoS attacks. Just try and minimize your risk.
Just my 2.0134 cents worth (tax included)
----- Original Message -----
From: "james" <hackerwacker at ...3784...>
To: <snort-users at lists.sourceforge.net>
Sent: Friday, November 14, 2003 6:54 PM
Subject: Re: [Snort-users] RE: Attack on snort running in Public Zone
> Well, don't run it on an OS that can be DoS'ed.
> ----- Original Message -----
> From: "KS" <kanwaljeet at ...10300...>
> To: <snort-users at lists.sourceforge.net>
> Sent: Tuesday, November 11, 2003 8:15 AM
> Subject: [Snort-users] RE: Attack on snort running in Public Zone
> : Is anyone out there who can help ????????
> : -----Original Message-----
> : From: KS [mailto:kanwaljeet at ...10300...]
> : Sent: Monday, November 10, 2003 8:48 PM
> : To: snort-users at lists.sourceforge.net
> : Subject: Attack on snort running in Public Zone
> : Hello Everybody.
> : I have snort running on win2k and it is working fine so far. I had
> : it in DMZ to monitor the malicious traffic passing through firewall and
> : I want to put another snort win2k system in Public zone, i.e. in between
> : router and firewall, so I can know which traffic is actually hitting the
> : outside interface of my firewall.
> : My concern is: since my snort system (win2k) is gonna be on public
> : address, what will happen if somebody runs a Denial of service attack
> : on the snort system itself.
> : How can I be sure that my snort system running on win2k is safe from
> : attack?
> : Thanks
> : KS