Re: snort on router - risks?
Quoting Marcus Schopen <lists@localguru.de>:
> Hi,
>
> on my DSL-router (masqurading) at home I'd like to install snort to see
> who attacks me from the internet side. I know that one should install
> snort on a seperate hosts before and behind the firewall to get the best
> results, but this is just my little "home net" and I don't want to set
> up further linuxboxes.
>
> So my question: what are the risks to set up snort on the gateway-router
> instead of using a seperate snort host? Is that insecure? And why?
>
Marcus,
Snort is a program just like any other that listens to a network
connection, it can be compromised. AFAIK, the worst that has happened
recently is that a flaw allowed an attacker to disable Snort. I
consider running Snort to be better than not running it. For another
possible approach, see an article I wrote:
http://www.linuxjournal.com/article.php?sid=6985
Reply to: