25 Jan 2005, 15:01
I have a Snort-based intrusion detection system that sits inside my firewall but has a 2nd interface that is wired to the LAN segment our border routers and firewalls are on. This interface has no IP address but operates in an 'up' status (basically, all it is doing is watching all traffic on the LAN segment). What risks are there in doing this? Is there any possible way this setup can be compromised? The only protocol involved on this LAN segment is IP; the medium is Ethernet.

Thx, cc