Quoting Marcus Schopen <lists@localguru.de>:
Hi,
on my DSL-router (masqurading) at home I'd like to install snort to see
who attacks me from the internet side. I know that one should install
snort on a seperate hosts before and behind the firewall to get the best
results, but this is just my little "home net" and I don't want to set
up further linuxboxes.
So my question: what are the risks to set up snort on the gateway-router
instead of using a seperate snort host? Is that insecure? And why?
Marcus,
Snort is a program just like any other that listens to a network
connection, it can be compromised. AFAIK, the worst that has happened
recently is that a flaw allowed an attacker to disable Snort. I
consider running Snort to be better than not running it. For another
possible approach, see an article I wrote:
http://www.linuxjournal.com/article.php?sid=6985