[Snort-users] Attack on snort running in Public Zone

Matt Kettler mkettler at ...4108...
Tue Nov 18 12:38:05 EST 2003


At 05:05 PM 11/17/2003, crtech wrote:
>  The final protection was that I did not assign that NIC an IP 
> address.  It can not send anything so it is my understanding that it will 
> not be able to be hacked.

Stating it is impossible for a NIC with no IP address to be hacked is a 
slight over-estimation of security...

"it will be immune to most common kinds of TCP/IP based attack" is more 
accurate.

Take for example the stream4 buffer overflow vulnerability in snort 1.9.x. 
Theoretically an attacker can exploit this bug in snort itself to run code 
on your snort system, even if it has no IP address assigned on the snort 
interface. If the system has a second non-stealth interface the attacker can 
use that interface to communicate with the outside world.