Snort mailing list archives

Re: ask about hack program to go through the firewall

From: Jon Quiros <jquiros () teahead net>
Date: Thu, 19 Sep 2002 09:23:20 -0400

ardi,
some thought from a non-expert:

ardi wrote:

Hi all...
First of all I wanna give a picture the situation I
have here.. right now i have a firewall between my
local network and the internet, and my snort box is
before the firewall and after the firewall.
I wanna test how hard the snort can detect the hacking
programs, but i don't know much about hacking program
out there.


big topic.  there are many attacks, and more to come.  some snort or any
IDS won't know about.  that's why signatures are updated and it's very
helpful to contribute with snort-sigs.


So i just wanna ask if there is someone here that can
give me a clue to find the hacking program to attack
the firewall so i can go through to my local network.
Im doing this just for my experiment on my final
assignment at my university.

My point here is do we need an IDS if the firewall is
strong enough to block the attack..??


just like many attacks (most actually) occur from the inside, many
attacks occur over paths/connections that the firewall allows in and
must allow in for public services you wish to offer.

from what i understand, i can think of one firewall strong enough to
block any attack.  except it's not a firewall.  really, it would mean
being disconnected from what you wish to protect things from.  picture a
firewall with no power (acor dc), or a cleanly cut ethernet cable in a
single critical data path, but if you've got that 100% fully functional
and secure firewall setting going I'd say you've got other problems :)




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

ask about hack program to go through the firewall ardi (Sep 19)
- Re: ask about hack program to go through the firewall Jon Quiros (Sep 19)
  - Re: ask about hack program to go through the firewall Jon Quiros (Sep 19)
- Re: ask about hack program to go through the firewall Michael Muenz (Sep 19)
- Re: ask about hack program to go through the firewall Matt Kettler (Sep 19)
- RE: ask about hack program to go through the firewall Michael Steele (Sep 19)
  - Re: ask about hack program to go through the firewall Jeff Taylor (Sep 20)
- <Possible follow-ups>
- Re: ask about hack program to go through the firewall Error79 (Sep 20)
- RE: Re: ask about hack program to go through the firewall Donofrio, Lewis (Sep 20)