RE: [Snort-users] RE: Attack on snort running in Public Zone

This is a discussion on RE: [Snort-users] RE: Attack on snort running in Public Zone within the Snort forums, part of the System Security and Security Related category; This is a multi-part message in MIME format. ------=_NextPart_000_002B_01C3AADF.3AAC38A0 Content-Type: text/plain; charset="us-ascii" ...


Go Back   Usenet Forums > System Security and Security Related > Snort

Reload this Page RE: [Snort-users] RE: Attack on snort running in Public Zone

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 11-15-2003
Michael Steele
 
Posts: n/a
Default RE: [Snort-users] RE: Attack on snort running in Public Zone
This is a multi-part message in MIME format.

------=_NextPart_000_002B_01C3AADF.3AAC38A0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit

Run Snort with no IP on the outside.

Cheers...

-Michael Steele
--
System Engineer / Security Support Technician
mailto:michaels@winsnort.com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org

_____

From: snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of KS
Sent: Tuesday, November 11, 2003 7:15 AM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] RE: Attack on snort running in Public Zone



Is anyone out there who can help ????????





-----Original Message-----
From: KS [mailto:kanwaljeet@emind.com]
Sent: Monday, November 10, 2003 8:48 PM
To: snort-users@lists.sourceforge.net
Subject: Attack on snort running in Public Zone

Helllo Everybody.



I have snort running on win2k and it is working fine so far.I had placed it
in DMZ to monitor the malicious traffic passing through firewall and Now i
want to put another snort win2k system in Public zone i.e in between my
router and firewall so i can know which traffic is actually hitting the
outside interface of my firewall.

My concern is : Since my snort system ( win2k ) is gonna be on public IP
address , what will happen if somebody runs a Denial of service attack on my
snort system itself.

How can i be sure that my snort system running on win2k is safe from DOS
attack ?



Thanks

KS


------=_NextPart_000_002B_01C3AADF.3AAC38A0
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html>

<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 11 (filtered)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
p
{margin-right:0in;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman";}
span.EmailStyle17
{font-family:Arial;
color:navy;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>

</head>

<body lang=3DEN-US link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Run Snort with no IP on the =
outside.</span></font></p>

<div>

<p style=3D'margin-bottom:12.0pt'><font size=3D2 color=3Dnavy =
face=3D"Times New Roman"><span
style=3D'font-size:10.0pt;color:navy'>Cheers...<br>
<br>
-Michael Steele<br>
--<br>
&nbsp;System Engineer / Security Support =
Technician&nbsp;&nbsp;&nbsp;&nbsp;<br>
&nbsp;<a =
href=3D"mailto:michaels@winsnort.com">mailto:micha els@winsnort.com</a>&nb=
sp;&nbsp;&nbsp;<br>
&nbsp;Website: <a =
href=3D"http://www.winsnort.com">http://www.winsnort.com</a><br>
&nbsp;Snort: Open Source Network IDS - <a =
href=3D"http://www.snort.org">http://www.snort.org</a></span></font></p>

</div>

<div style=3D'border:none;border-left:solid blue 1.5pt;padding:0in 0in =
0in 4.0pt'>

<div>

<div class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><font =
size=3D3
face=3D"Times New Roman"><span style=3D'font-size:12.0pt'>

<hr size=3D2 width=3D"100%" align=3Dcenter tabindex=3D-1>

</span></font></div>

<p class=3DMsoNormal><b><font size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font =
size=3D2
face=3DTahoma><span style=3D'font-size:10.0pt;font-family:Tahoma'> =
snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net] <b><span =
style=3D'font-weight:
bold'>On Behalf Of </span></b>KS<br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> Tuesday, November =
11, 2003
7:15 AM<br>
<b><span style=3D'font-weight:bold'>To:</span></b>
snort-users@lists.sourceforge.net<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> [Snort-users] =
RE: Attack
on snort running in Public Zone</span></font></p>

</div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;</span></font></p>

<div>

<p class=3DMsoNormal><font size=3D2 color=3Dblue face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:blue'>Is anyone out there who can help =
????????</span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;</span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;</span></font></p>

</div>

<div>

<p class=3DMsoNormal style=3D'margin-bottom:12.0pt'><font size=3D2 =
face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma'>-----Original =
Message-----<br>
<b><span style=3D'font-weight:bold'>From:</span></b> KS
[mailto:kanwaljeet@emind.com]<br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> Monday, November =
10, 2003
8:48 PM<br>
<b><span style=3D'font-weight:bold'>To:</span></b>
snort-users@lists.sourceforge.net<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> Attack on snort =
running
in Public Zone</span></font></p>

</div>

<blockquote =
style=3D'margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Helllo Everybody.</span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;</span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>I have snort running on win2k and it is working fine =
so
far.I had placed it in DMZ to monitor the malicious traffic passing =
through
firewall and Now i want to put another snort win2k system&nbsp;in Public =
zone
i.e in between my router and firewall so i can know which =
traffic&nbsp;is
actually hitting the outside interface of my =
firewall.&nbsp;</span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>My concern is :&nbsp; Since&nbsp;my snort system ( =
win2k )
is gonna be on public IP address , what will happen if somebody runs a =
Denial
of service attack&nbsp;on my snort system =
itself.&nbsp;&nbsp;</span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>How can i be sure that my snort system running on =
win2k is
safe from DOS attack ?</span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;</span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Thanks</span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>KS</span></font></p>

</div>

</blockquote>

</div>

</div>

</body>

</html>

------=_NextPart_000_002B_01C3AADF.3AAC38A0--



-------------------------------------------------------
This SF. Net email is sponsored by: GoToMyPC
GoToMyPC is the fast, easy and secure way to access your computer from
any Web browser or wireless device. Click here to Try it Free!
https://www.gotomypc.com/tr/OSDN/AW/...=mm/g22lp.tmpl
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users
Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 07:40 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0