[Snort-users] Attack on snort running in Public Zone

bmcdowell at ...7861... bmcdowell at ...7861...
Tue Nov 18 13:37:04 EST 2003

It seems to me that, second interface or not, such an exploit as the
example Matt gave could also be used to somehow provide an IP to the
'stealth' box.

Now a tap, well, they would need to do some wiring to beat that one
(unless there's another interface).  Right?

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Matt
Sent: Tuesday, November 18, 2003 2:32 PM
To: crtech; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Attack on snort running in Public Zone

At 05:05 PM 11/17/2003, crtech wrote:
>  The final protection was that I did not assign that NIC an IP 
> address.  It can not send anything so it is my understanding that it
> not be able to be hacked.

Stating it is impossible for a NIC with no IP address to be hacked is a 
slight over-estimation of security...

"it will be immune to most common kinds of TCP/IP based attack" is more 

Take for example the stream4 buffer overflow vulnerability in snort
Theoretically an attacker can exploit this bug in snort itself to run
on your snort system, even if it has no IP address assigned on the snort

interface. If the system has a second non-steath interface the attacker
use that interface to communicate with the outside world.

This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list