Re: [Snort-users] RE: Attack on snort running in Public Zone
This is a discussion on Re: [Snort-users] RE: Attack on snort running in Public Zone within the Snort forums, part of the System Security and Security Related category; It is not necessary to assign an IP address to the interface snort is monitoring, uncheck all the bound components ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
11-15-2003
|
|||
|
|||
Re: [Snort-users] RE: Attack on snort running in Public Zone
It is not necessary to assign an IP address to the interface snort is
monitoring, uncheck all the bound components on your ethernet adapter. I would recommend slapping a second NIC in your sensor and monitoring it from the backend on a private network. Also, you may want to consider using a Tap device for true passive monitoring, they run between $400-$500 US dollars. The OS (regardless of what platform), the sensor engine, and the planet earth will always be vulnerable to DoS attacks. Just try and minimize your risk. www.netoptics.com www.intrusion.com Just my 2.0134 cents worth (tax included) Scot Wiedenfeld ----- Original Message ----- From: "james" <hackerwacker@cybermesa.com> To: <snort-users@lists.sourceforge.net> Sent: Friday, November 14, 2003 6:54 PM Subject: Re: [Snort-users] RE: Attack on snort running in Public Zone > Well, don't run in on a OS that can be DoS'ed. > > > ----- Original Message ----- > From: "KS" <kanwaljeet@emind.com> > To: <snort-users@lists.sourceforge.net> > Sent: Tuesday, November 11, 2003 8:15 AM > Subject: [Snort-users] RE: Attack on snort running in Public Zone > > > : Is anyone out there who can help ???????? > : > : > : -----Original Message----- > : From: KS [mailto:kanwaljeet@emind.com] > : Sent: Monday, November 10, 2003 8:48 PM > : To: snort-users@lists.sourceforge.net > : Subject: Attack on snort running in Public Zone > : > : > : Helllo Everybody. > : > : I have snort running on win2k and it is working fine so far.I had placed > : it in DMZ to monitor the malicious traffic passing through firewall and Now > : i want to put another snort win2k system in Public zone i.e in between my > : router and firewall so i can know which traffic is actually hitting the > : outside interface of my firewall. > : My concern is : Since my snort system ( win2k ) is gonna be on public IP > : address , what will happen if somebody runs a Denial of service attack on my > : snort system itself. > : How can i be sure that my snort system running on win2k is safe from DOS > : attack ? > : > : Thanks > : KS > : > > > ------------------------------------------------------- > This SF. Net email is sponsored by: GoToMyPC > GoToMyPC is the fast, easy and secure way to access your computer from > any Web browser or wireless device. Click here to Try it Free! > https://www.gotomypc.com/tr/OSDN/AW/...=mm/g22lp.tmpl > _______________________________________________ > Snort-users mailing list > Snort-users@lists.sourceforge.net > Go to this URL to change user options or unsubscribe: > https://lists.sourceforge.net/lists/...fo/snort-users > Snort-users list archive: > http://www.geocrawler.com/redir-sf.p...st=snort-users > ------------------------------------------------------- This SF. Net email is sponsored by: GoToMyPC GoToMyPC is the fast, easy and secure way to access your computer from any Web browser or wireless device. Click here to Try it Free! https://www.gotomypc.com/tr/OSDN/AW/...=mm/g22lp.tmpl _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
