[Snort-users] Attack on snort running in Public Zone

Jason Haar Jason.Haar at ...294...
Tue Nov 18 16:04:13 EST 2003


On Wed, 2003-11-19 at 12:43, Matt Kettler wrote:
> In a box with only one NIC, connected to a hardware tap with no send 
> capabilities, even the best case for an exploiter would leave them limited 
> to making changes to the snort box itself.. ie: they could load code to 
> delete files, call for shutdown, etc.

Nah - you're forgetting that the box is almost guaranteed to have a
management port too... So they break in, then tunnel back out to
themselves via the operational eth0/whatever.

Of course, a firewall in front, yada, yada...

Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1






More information about the Snort-users mailing list