Quoting Marcus Schopen <[EMAIL PROTECTED]>:
Hi,
on my DSL-router (masqurading) at home I'd like to install snort to see who attacks me from the internet side. I know that one should install snort on a seperate hosts before and behind the firewall to get the best results, but this is just my little "home net" and I don't want to set up further linuxboxes.
So my question: what are the risks to set up snort on the gateway-router instead of using a seperate snort host? Is that insecure? And why?
Marcus, Snort is a program just like any other that listens to a network connection, it can be compromised. AFAIK, the worst that has happened recently is that a flaw allowed an attacker to disable Snort. I consider running Snort to be better than not running it. For another possible approach, see an article I wrote:
http://www.linuxjournal.com/article.php?sid=6985
ahhh, thanks :-))
A user on the german list wrote, that it's dangerous to run snort with promiscous mode on ppp0. But he didn't explained why? Any ideas?
cheers, Marcus
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
