|
|
|
|
Snort Forums Archive
Archive Home » Snort Newbies » Question about stealth configuration
Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.
[ Notice: Full Version of This Topic ]
Question about stealth configuration
Posted by mangood on March 20, 2005 09:10:53
Hi
I'm about to install snort in my network environment. Basicaly I want to monitor 4 servers located in DMZ. I want to put there SNORT with two interfaces. First interface would be configured as stealth (without IP address and connected to hub using one-way network cable). Second interface would be connected to my LAN - for administrative purposes. I would like to ask you for your opinion if this configuration is safe.
Thanks in advance. |
|
Posted by maverick on March 22, 2005 05:14:54
Snort would have to be vulnerable to an attack that would be triggered in its detection engine by a maliciously crafted packet (which wouldn't be a first). The likelihood of this type of exploit, coming from an actual malicious user (not a worm), who would get on the box and take the time to figure out that the interface with no IP can connect to the DMZ, then configure it with a valid IP, and then reach your DMZ, is slim. |
|
|
|
|
|
