Snort mailing list archives

Re: firewalling snort machine


From: Erek Adams <erek () theadamsfamily net>
Date: Thu, 21 Feb 2002 14:14:11 -0800 (PST)

On Thu, 21 Feb 2002, Basil Saragoza wrote:

> Maybe I miss something here, but:
> 1. I want to be able to that machine over the internet to connect via https.

Ummm...  This is a 'Bad Thing(tm)'.  If you do something like that, you're
exposing your sensor to the public.  Consider this:  You don't expose
_yourself_ to just anyone!  :)  Having a visible sensor on the 'net is just
begging to have problems.  One good SYN flood and your sensor is useless.  You
can't connect and it can't see anything.  Your best bet is to put 2 NICs in
the machine, make nic0 IPless with a R/O cable, then make nic1 connect to the
internal admin LAN.  Then connect thru your firewall to the admin net, and
then to the snort box for administration--if it has to be done from the 'net.

> 2. Why can't I just firewall it and leave only 443 open?

See #1.  :)

Again, these are only ideas and opinions.  They are not written in stone....

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
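
As an added illustration of the two-NIC layout described in the reply above (not code from the thread or from the Snort project): a script that emits the interface and iptables commands for an IP-less sniffing NIC and a management NIC that accepts HTTPS only from the admin LAN. The interface names eth0/eth1 and the admin subnet 10.10.0.0/24 are assumptions; change them for your own host.

```shell
#!/bin/sh
# Constructed example: generate (and optionally apply) the host configuration
# for a sensor with a sniffing NIC that has no address and a management NIC
# that is only reachable from the internal admin LAN.
SNIFF_IF="${SNIFF_IF:-eth0}"          # nic0: taps the monitored segment, no IP (assumed name)
MGMT_IF="${MGMT_IF:-eth1}"            # nic1: management, admin LAN only (assumed name)
ADMIN_NET="${ADMIN_NET:-10.10.0.0/24}" # admin LAN allowed to reach TCP/443 (assumed)

# Commands for the sniffing interface: strip any address, disable IPv6
# autoconfiguration so it never answers on the monitored wire, turn ARP off,
# and bring it up in promiscuous mode so the sensor still sees all traffic.
sniff_if_cmds() {
  cat <<EOF
ip addr flush dev $SNIFF_IF
sysctl -w net.ipv6.conf.$SNIFF_IF.disable_ipv6=1
ip link set dev $SNIFF_IF arp off multicast off promisc on up
EOF
}

# Host firewall: default drop; nothing is ever accepted on the sniffing NIC;
# on the management NIC only replies to existing connections and new HTTPS
# sessions originating from the admin LAN are allowed.
fw_cmds() {
  cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $SNIFF_IF -j DROP
iptables -A INPUT -i $MGMT_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $MGMT_IF -s $ADMIN_NET -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -i $MGMT_IF -j DROP
EOF
}

# "apply" runs the generated commands as root; with no argument they are
# only printed so the rule set can be reviewed first.
if [ "$1" = "apply" ]; then
  { sniff_if_cmds; fw_cmds; } | sh -e
else
  sniff_if_cmds
  fw_cmds
fi
```

Run it without arguments to review the rule set, then `sh sensor.sh apply` as root to install it; the sniffing NIC stays unreachable regardless of the rules because it carries no address.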

