Re: snort on router - risks?

To: debian-user@lists.debian.org
Subject: Re: snort on router - risks?
From: Marcus Schopen <lists@localguru.de>
Date: Tue, 19 Aug 2003 01:21:53 +0200
Message-id: <[🔎] bhrn2m$t1h$1@sea.gmane.org>
In-reply-to: <[🔎] 20030818153600.GH599@pogo.bearhouse.lan>
References: <[🔎] bhqais$8ub$2@sea.gmane.org> <[🔎] 20030818153600.GH599@pogo.bearhouse.lan>

Jeffrey L. Taylor wrote:

Quoting Marcus Schopen <lists@localguru.de>:
Hi,
on my DSL-router (masqurading) at home I'd like to install snort to seewho attacks me from the internet side. I know that one should installsnort on a seperate hosts before and behind the firewall to get the bestresults, but this is just my little "home net" and I don't want to setup further linuxboxes.
So my question: what are the risks to set up snort on the gateway-routerinstead of using a seperate snort host? Is that insecure? And why?
Marcus,
  Snort is a program just like any other that listens to a network
connection, it can be compromised.  AFAIK, the worst that has happened
recently is that a flaw allowed an attacker to disable Snort.  I
consider running Snort to be better than not running it.  For another
possible approach, see an article I wrote:

http://www.linuxjournal.com/article.php?sid=6985


ahhh, thanks :-))

A user on the german list wrote, that it's dangerous to run snort withpromiscous mode on ppp0. But he didn't explained why? Any ideas?


cheers,
Marcus

Reply to:

References:
- snort on router - risks?
  - From: Marcus Schopen <lists@localguru.de>
- Re: snort on router - risks?
  - From: "Jeffrey L. Taylor" <jeff@austinblues.dyndns.org>

Prev by Date: Re: placement of partitions on hard drive
Next by Date: Re: Problem with X
Previous by thread: Re: snort on router - risks?
Next by thread: Re: snort on router - risks?
Index(es):
- Date
- Thread