Snort mailing list archives
RE: firewalling snort machine
From: "Salisko, Rick" <SaliskoR () ottawapolice ca>
Date: Fri, 22 Feb 2002 08:15:00 -0500
I have tried to get around a similar problem in the past by setting the default gateway of the sensor to the firewall external interface, which, of course, is set to deny all such packets. Each time a packet (scan or otherwise) is directed to the sensor IP address, any response it sends is sent to the firewall, which reports it as a packet forwarding attack.

Other than opening the sensor to a DoS-type attack, can anybody see any other blatant holes in this technique?

-----Original Message-----
From: McCammon, Keith [mailto:Keith.McCammon () eadvancemed com]
Sent: Thursday, February 21, 2002 4:59 PM
To: Basil Saragoza; Erek Adams
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] firewalling snort machine

To answer your follow-up questions:

1) I would highly recommend that you rethink this. It is generally considered to be a VERY BAD practice to make your most critical security systems available to the outside world. You just don't do it. Use an internal interface for management. Your sensor should never be visible, in any fashion, to the outside world. It should see without being seen.

2) You could, and it would not affect Snort's operation. However, I recommend that you read item 1.

Cheers

Keith