Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Erek Adams (erektheadamsfamily.net)
Date: Thu Feb 21 2002 - 14:55:19 CST
On Thu, 21 Feb 2002, Basil Saragoza wrote:
> I have a snort machine exposed to the internet (connected to our internet
> switch, it monitors traffic coing to the firewall public nic). Is it safe to
> install firewall on snort machine and disable ALL incoming traffic to snort
> machin from the internet? Will it affect snort functionality? (My guess
> would be it won't cause snort sniffs packets fro the switch and it is not
> dependent on internet connectivity, but I just want to make sure that mu
> guess is correct) thx.
As others have said, use 2 nics. The other emails are pretty clear on how/why
to do that, so I won't rehash that.
BUT--Just to be overly paranoid, use a R/O cable on the connection that
doesn't have an IP. Just because there isn't a way to exploit it that is
currently known, does _not_ mean there isn't one. Consider this: Standard
OSI model has 7 layers. IP is Layer 3, physical is Layer 1. If you stop them
at Layer 1, there's even less risk than ever.
But--Some switches and hubs don't do so well with R/O cables. One method that
seems to work fairly well is this one:
Snort-users mailing list
Go to this URL to change user options or unsubscribe:
Snort-users list archive: