Quoting Marcus Schopen <[EMAIL PROTECTED]>: > Hi, > > on my DSL-router (masqurading) at home I'd like to install snort to see > who attacks me from the internet side. I know that one should install > snort on a seperate hosts before and behind the firewall to get the best > results, but this is just my little "home net" and I don't want to set > up further linuxboxes. > > So my question: what are the risks to set up snort on the gateway-router > instead of using a seperate snort host? Is that insecure? And why? >
Marcus, Snort is a program just like any other that listens to a network connection, it can be compromised. AFAIK, the worst that has happened recently is that a flaw allowed an attacker to disable Snort. I consider running Snort to be better than not running it. For another possible approach, see an article I wrote: http://www.linuxjournal.com/article.php?sid=6985 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
