Re: [Snort-users] Attack on snort running in Public Zone



MH, 11-15-2003

Hi KS,

If you assign a routable address to your snort sensor, it will
be directly exposed to all the things any other system on the Internet
is exposed to (including (D)DOS attacks).
All of the *external* sensors that I have deployed
run OpenBSD with very restrictive pf rulesets. I would
never recommend that anyone put an MS system outside
of a firewall, especially with a *live* IP address.
Then again, I wouldn't recommend anyone put an MS system
inside of a firewall either ;)

Is it necessary that you assign an IP address to your external
sensor? You might want to consider not binding any address.

Hope this helps,
Mike

On Mon, Nov 10, 2003 at 08:48:11PM +0530, KS wrote:
> Hello Everybody.
>
> I have snort running on win2k and it is working fine so far. I had placed it in DMZ to monitor the malicious traffic passing through firewall and now I want to put another snort win2k system in Public zone, i.e. in between my router and firewall, so I can know which traffic is actually hitting the outside interface of my firewall.
> My concern is: Since my snort system (win2k) is gonna be on public IP address, what will happen if somebody runs a Denial of service attack on my snort system itself.
> How can I be sure that my snort system running on win2k is safe from DOS attack?
>
> Thanks
> KS
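
One way to build the address-less external sensor suggested in the reply above, as an added example that is not part of the original message. It assumes current OpenBSD syntax, hypothetical interface names (em0 for the monitored wire, em1 for management) and documentation-range placeholder addresses.

```conf
# --- /etc/hostname.em0 : sniffing interface (em0 is an assumed name) ---
# Bring the link up without binding any address. With no IP on the
# monitored segment there is nothing on the sensor to address directly.
up

# --- /etc/hostname.em1 : management interface on an internal network ---
# 192.0.2.10 is a placeholder from the documentation range.
inet 192.0.2.10 255.255.255.0

# --- /etc/pf.conf : restrictive ruleset for the sensor ---
sniff_if = "em0"
mgmt_if  = "em1"
table <admins> { 192.0.2.20 }    # placeholder admin workstation

set skip on lo

# Default deny, dropping silently instead of answering with RST/ICMP.
block drop all

# Nothing is ever accepted from or sent onto the monitored wire.
# Snort still sees the traffic: it reads through bpf, which taps
# inbound frames before pf filters them.
block drop quick on $sniff_if all

# Management access: SSH from the admin table only, on em1 only.
pass in on $mgmt_if proto tcp from <admins> to ($mgmt_if) port 22
```

Snort is then pointed at the unnumbered interface with `snort -i em0`. A flood on the monitored segment can still cost the sensor capture capacity (dropped packets), so this removes the host as a reachable target but does not make the capture itself immune to load.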


