Snort mailing list archives

RE: Attack on snort running in Public Zone


From: <bmcdowell () coxhealthplans com>
Date: Tue, 18 Nov 2003 15:35:59 -0600


It seems to me that, second interface or not, such an exploit as the
example Matt gave could also be used to somehow provide an IP to the
'stealth' box.

Now a tap, well, they would need to do some wiring to beat that one
(unless there's another interface).  Right?

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Matt Kettler
Sent: Tuesday, November 18, 2003 2:32 PM
To: crtech; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Attack on snort running in Public Zone


At 05:05 PM 11/17/2003, crtech wrote:
 The final protection was that I did not assign that NIC an IP address.
It can not send anything so it is my understanding that it will not be
able to be hacked.

Stating it is impossible for a NIC with no IP address to be hacked is a 
slight over-estimation of security...

"it will be immune to most common kinds of TCP/IP based attack" is more 
accurate.

Take for example the stream4 buffer overflow vulnerability in snort 1.9.x.
Theoretically an attacker can exploit this bug in snort itself to run code
on your snort system, even if it has no IP address assigned on the snort
interface. If the system has a second non-stealth interface the attacker can
use that interface to communicate with the outside world.









-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

