Re: snort on router - risks?

To: debian-user@lists.debian.org
Subject: Re: snort on router - risks?
From: "Jeffrey L. Taylor" <jeff@austinblues.dyndns.org>
Date: Mon, 18 Aug 2003 10:36:00 -0500
Message-id: <[🔎] 20030818153600.GH599@pogo.bearhouse.lan>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] bhqais$8ub$2@sea.gmane.org>
References: <[🔎] bhqais$8ub$2@sea.gmane.org>

Quoting Marcus Schopen <lists@localguru.de>:
> Hi,
> 
> on my DSL-router (masqurading) at home I'd like to install snort to see 
> who attacks me from the internet side. I know that one should install 
> snort on a seperate hosts before and behind the firewall to get the best 
> results, but this is just my little "home net" and I don't want to set 
> up further linuxboxes.
> 
> So my question: what are the risks to set up snort on the gateway-router 
> instead of using a seperate snort host? Is that insecure? And why?
> 

Marcus,
  Snort is a program just like any other that listens to a network
connection, it can be compromised.  AFAIK, the worst that has happened
recently is that a flaw allowed an attacker to disable Snort.  I
consider running Snort to be better than not running it.  For another
possible approach, see an article I wrote:

http://www.linuxjournal.com/article.php?sid=6985

Reply to:

Follow-Ups:
- Re: snort on router - risks?
  - From: Marcus Schopen <lists@localguru.de>
- Re: snort on router - risks?
  - From: Marcus Schopen <lists@localguru.de>

References:
- snort on router - risks?
  - From: Marcus Schopen <lists@localguru.de>

Prev by Date: Re: Problem with video card when installing debian Gnu/Linux.
Next by Date: Re: Printing help, please.
Previous by thread: snort on router - risks?
Next by thread: Re: snort on router - risks?
Index(es):
- Date
- Thread