[Snort-users] Attack on snort running in Public Zone

Michael Steele michaels at ...9077...
Tue Nov 18 08:24:05 EST 2003

Here is a post on the subject:




-Michael Steele
 System Engineer / Security Support Technician    
 mailto:michaels at ...9077...   
 Website: http://www.winsnort.com
 Snort: Open Source Network IDS - http://www.snort.org


From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Lucretia
Enterprises Administrator
Sent: Tuesday, November 18, 2003 7:16 AM
To: crtech; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Attack on snort running in Public Zone


What did you do to stop the services from broadcasting on your connection?



-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of crtech
Sent: Monday, November 17, 2003 3:05 PM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Attack on snort running in Public Zone

I run snort on a Win2k box.  I have placed it outside our network so that we
may see what is trying to get in.  In the future we plan to add one to the
inside.  (We are just learning right now.)  When I installed the OS on this
box I made sure that I had all the patches and updates.  I also tried to
lock everything down that I could come up with.  The final protection was
that I did not assign that NIC an IP address.  It cannot send anything, so
it is my understanding that it will not be able to be hacked.




----- Original Message -----
From: KS <mailto:kanwaljeet at ...10300...>
To: snort-users at lists.sourceforge.net
Sent: Monday, November 10, 2003 9:18 AM
Subject: [Snort-users] Attack on snort running in Public Zone


Hello everybody.


I have snort running on win2k and it is working fine so far. I had placed it
in the DMZ to monitor the malicious traffic passing through the firewall, and now I
want to put another snort win2k system in the Public zone, i.e. in between my
router and firewall, so I can know which traffic is actually hitting the
outside interface of my firewall.

My concern is: since my snort system (win2k) is gonna be on a public IP
address, what will happen if somebody runs a denial of service attack on my
snort system itself?

How can I be sure that my snort system running on win2k is safe from a DoS
attack?



