[Snort-users] Attack on snort running in Public Zone
procana at ...4296...
Fri Nov 14 19:07:02 EST 2003
If you assign a routable address to your snort sensor, it will
be directly exposed to all the things any other system on the Internet
is exposed to (including (D)DOS attacks).
All of the *external* sensors that I have deployed
run OpenBSD with very restrictive pf rulesets. I would
never recommend that anyone put an ms system outside
of a firewall especially with a *live* ip address.
Then again, I wouldn't recommend anyone put an ms system
inside of a firewall either ;)
Is it necessary that you assign an ip address to your external
sensor? You might want to consider not binding any address.
Hope this helps,
On Mon, Nov 10, 2003 at 08:48:11PM +0530, KS wrote:
> Hello everybody.
> I have snort running on win2k and it is working fine so far. I had placed it in the DMZ to monitor the malicious traffic passing through the firewall, and now I want to put another snort win2k system in the public zone, i.e. between my router and firewall, so I can know which traffic is actually hitting the outside interface of my firewall.
> My concern is: since my snort system (win2k) is going to be on a public IP address, what will happen if somebody runs a denial of service attack on my snort system itself?
> How can I be sure that my snort system running on win2k is safe from a DoS attack?
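The reply above suggests two things for an external sensor: give the sniffing interface no address at all, and keep a very restrictive pf ruleset in front of the host. The following is an added example, not code from the original thread, showing what that looks like on an OpenBSD sensor. It assumes the sniffing interface is named em1, that management happens over a separate interface not shown here, and OpenBSD's hostname.if(5) and pf.conf(5) conventions; the ifconfig output used for the sanity check is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): an OpenBSD-style "stealth"
# sniffing interface for an external Snort sensor. Assumed interface name
# is em1; management is assumed to run over a different interface.

# Content of /etc/hostname.em1: the single word "up" brings the interface
# up with no IPv4 or IPv6 address, so there is no address to attack.
stealth_hostname_if() {
    printf 'up\n'
}

# A pf.conf(5) fragment that drops everything on the sniffing interface in
# both directions. Snort still sees the traffic: BPF taps frames at the
# link layer, before pf evaluates them at the IP layer.
stealth_pf_rules() {
    iface="$1"
    cat <<EOF
# sniffing interface: no address, no traffic in or out
block drop on $iface all
EOF
}

# Write both files into a target directory ("/etc" on the real sensor).
write_stealth_config() {
    dir="$1"; iface="$2"
    stealth_hostname_if > "$dir/hostname.$iface"
    stealth_pf_rules "$iface" > "$dir/pf.conf"
}

# Sanity check for an already-configured box: read ifconfig(8) output for
# one interface from stdin and succeed only if it is UP and carries no
# inet or inet6 address.
is_stealth() {
    out=$(cat)
    echo "$out" | grep -q 'flags=.*UP' || return 1
    echo "$out" | grep -Eq '^[[:space:]]*inet6? ' && return 1
    return 0
}

# Constructed sample: interface up, link-layer address only.
SAMPLE_STEALTH='em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:00:00:00:01
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active'

# Constructed sample: the same interface with a public address bound,
# which is the situation the original poster is worried about.
SAMPLE_ADDRESSED='em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:00:00:00:01
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255'
```

On the sensor itself the intended use is `write_stealth_config /etc em1`, followed by `sh /etc/netstart em1` and `pfctl -f /etc/pf.conf`; afterwards `ifconfig em1 | is_stealth` confirms the interface is up with no address. Note that pf only filters IP, so the block rule is belt and braces: with no address bound, the host has nothing to answer with in the first place, which is the point of the reply's suggestion.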