Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Attack on snort running in Public Zone

From: Matt Kettler <mkettler () EVI-INC COM>
Date: Tue, 18 Nov 2003 15:32:08 -0500
At 05:05 PM 11/17/2003, crtech wrote:
The final protection was that I did not assign that NIC an IP address. It can not send anything so it is my understanding that it will not be able to be hacked.
Stating it is impossible for a NIC with no IP address to be hacked is a slight over-estimation of security...
"it will be immune to most common kinds of TCP/IP based attack" is more accurate.
Take for example the stream4 buffer overflow vulnerability in snort 1.9.x.. Theoretically an attacker can exploit this bug in snort itself to run code on your snort system, even if it has no IP address assigned on the snort interface. If the system has a second non-steath interface the attacker can use that interface to communicate with the outside world. 









-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: