Quoting Marcus Schopen <[EMAIL PROTECTED]>:
Hi,
on my DSL-router (masqurading) at home I'd like to install snort to see who attacks me from the internet side. I know that one should install snort on a seperate hosts before and behind the firewall to get the best results, but this is just my little "home net" and I don't want to set up further linuxboxes.
So my question: what are the risks to set up snort on the gateway-router instead of using a seperate snort host? Is that insecure? And why?
Marcus, Snort is a program just like any other that listens to a network connection, it can be compromised. AFAIK, the worst that has happened recently is that a flaw allowed an attacker to disable Snort. I consider running Snort to be better than not running it. For another possible approach, see an article I wrote:
http://www.linuxjournal.com/article.php?sid=6985
The article is great but does not help in my case, because I use pppoe to connect to my provider.
Bye, Marcus
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
