[Snort-users] Attack on snort running in Public Zone
mkettler at ...4108...
Tue Nov 18 12:38:05 EST 2003
At 05:05 PM 11/17/2003, crtech wrote:
> The final protection was that I did not assign that NIC an IP
> address. It can not send anything so it is my understanding that it will
> not be able to be hacked.
Stating it is impossible for a NIC with no IP address to be hacked is a
slight over-estimation of security...
"it will be immune to most common kinds of TCP/IP based attack" is more
Take for example the stream4 buffer overflow vulnerability in snort 1.9.x..
Theoretically an attacker can exploit this bug in snort itself to run code
on your snort system, even if it has no IP address assigned on the snort
interface. If the system has a second non-steath interface the attacker can
use that interface to communicate with the outside world.
More information about the Snort-users