Snort mailing list archives
Re: Stealth NIC (Was: How does Snort protect itself ?)
From: Erek Adams <erek () theadamsfamily net>
Date: Wed, 18 Sep 2002 11:33:01 -0700 (PDT)
On Tue, 17 Sep 2002, Ian Macdonald wrote:
Actually, it may still be possible to abuse snort/IDS systems if the NIC doesn't have an IP address. You limit the risk but it is still possible. If it is found that a certain set of packets crash snort, then there is potential for being able to get the snort sensor to do things at your command. Putting in taps helps, but since you still read live data from the wire and do something with it, there is always the possibility for abuse. I have heard of IDS systems that crash because they run out of memory or because they try and decode something bad and break. Just something to think about.
If you recall, not that long ago, there was a bug in Ethereal (and tcpdump, IIRC) that could cause a remote buffer overflow just by decoding a packet.

One thing that you can do that will help 'more' is an R/O cable on an ipless interface. That way, traffic _can't_ enter the network since the transmit pairs don't send any data.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
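A check for the "ipless interface" setup discussed in this message, as an added example that is not part of the original post or of Snort: it parses `ip -o addr show` output and fails if the capture NIC has any address, including the IPv6 link-local address Linux assigns automatically when an interface comes up. The interface names (eth0, eth1, eth2) and all addresses are constructed sample data.

```shell
#!/bin/sh
# Added example: verify that a sensor's capture interface really has no address.
# Input is the text produced by `ip -o addr show` (one address per line).

# Constructed sample: eth0 is the management NIC, eth1 was meant to be
# "ipless" but picked up an IPv6 link-local address, eth2 has none.
# (`ip -o addr` prints nothing at all for an interface without addresses.)
sample_ip_output() {
cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
3: eth1    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link \       valid_lft forever preferred_lft forever
EOF
}

# Print "family address" for every IPv4/IPv6 address bound to interface $1.
sensor_addrs() {
    awk -v ifc="$1" '$2 == ifc && ($3 == "inet" || $3 == "inet6") { print $3, $4 }'
}

# Exit status 0 when interface $1 is address-free, 1 when it is reachable
# at layer 3. Note: an interface name that does not exist also yields no
# lines, so confirm the name with `ip link show` first.
audit_sensor() {
    found=$(sensor_addrs "$1")
    if [ -z "$found" ]; then
        echo "OK: $1 has no IPv4/IPv6 address"
        return 0
    fi
    echo "FAIL: $1 is addressable:"
    echo "$found" | sed 's/^/  /'
    return 1
}

# Live use on a sensor (not run here):
#   ip -o addr show | audit_sensor eth1
```

This only covers the addressing half of the advice; it cannot tell whether the cable is receive-only, and it does nothing about decoder bugs triggered by traffic the sensor passively reads.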