Re: RE: Attack on snort running in Public Zone

["Scot Scot" <scotw () hotmail com>]

It is not necessary to assign an IP address to the interface snort is
monitoring, uncheck all the bound components on your ethernet adapter. I
would recommend slapping a second NIC in your sensor and monitoring it from
the backend on a private network.

Also, you may want to consider using a Tap device for true passive
monitoring, they run between $400-$500 US dollars. The OS (regardless of
what platform), the sensor engine, and the planet earth will always be
vulnerable to DoS attacks. Just try and minimize your risk.

www.netoptics.com
www.intrusion.com

Just my 2.0134 cents worth (tax included)
Scot Wiedenfeld

----- Original Message ----- 
From: "james" <hackerwacker () cybermesa com>
To: <snort-users () lists sourceforge net>
Sent: Friday, November 14, 2003 6:54 PM
Subject: Re: [Snort-users] RE: Attack on snort running in Public Zone


> Well, don't run in on a OS that can be DoS'ed.
>
>
> ----- Original Message ----- 
> From: "KS" <kanwaljeet () emind com>
> To: <snort-users () lists sourceforge net>
> Sent: Tuesday, November 11, 2003 8:15 AM
> Subject: [Snort-users] RE: Attack on snort running in Public Zone
>
>
> : Is anyone out there who can help ????????
> :
> :
> : -----Original Message-----
> : From: KS [mailto:kanwaljeet () emind com]
> : Sent: Monday, November 10, 2003 8:48 PM
> : To: snort-users () lists sourceforge net
> : Subject: Attack on snort running in Public Zone
> :
> :
> :   Helllo Everybody.
> :
> :   I have snort running on win2k and it is working fine so far.I had
placed
> : it in DMZ to monitor the malicious traffic passing through firewall and
Now
> : i want to put another snort win2k system in Public zone i.e in between
my
> : router and firewall so i can know which traffic is actually hitting the
> : outside interface of my firewall.
> :   My concern is :  Since my snort system ( win2k ) is gonna be on public
IP
> : address , what will happen if somebody runs a Denial of service attack
on my
> : snort system itself.
> :   How can i be sure that my snort system running on win2k is safe from
DOS
> : attack ?
> :
> :   Thanks
> :   KS
> :
>
>
> -------------------------------------------------------
> This SF. Net email is sponsored by: GoToMyPC
> GoToMyPC is the fast, easy and secure way to access your computer from
> any Web browser or wireless device. Click here to Try it Free!
> https://www.gotomypc.com/tr/OSDN/AW/Q4_2003/t/g22lp?Target=mm/g22lp.tmpl
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This SF. Net email is sponsored by: GoToMyPC
GoToMyPC is the fast, easy and secure way to access your computer from
any Web browser or wireless device. Click here to Try it Free!
https://www.gotomypc.com/tr/OSDN/AW/Q4_2003/t/g22lp?Target=mm/g22lp.tmpl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users