Re: [fw-wiz] stealth ports and IDS
From: Paul D. Robertson (proberts@patriot.net)
Date: 10/03/02
- Next message: Diaz Perez · Juan Carlos: "RE: [fw-wiz] Firewall Load balancing solution"
- Previous message: jankowsr@mskcc.org: "RE: [fw-wiz] stealth ports and IDS"
- In reply to: Zen: "Re: [fw-wiz] stealth ports and IDS"
- Next in thread: Todd Underwood: "Re: [fw-wiz] stealth ports and IDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Paul D. Robertson" <proberts@patriot.net> To: Zen <zen@kill-9.it> Date: Thu Oct 3 11:41:02 2002
On Thu, 3 Oct 2002, Zen wrote:
> You can ifconfig the interface giving 0.0.0.0 address.
Some OS' might source packets from that address, that's probably a bad
idea, no address is better than "0.0.0.0."
>
> > mitigate it I am looking at hardware network taps (read only). These
> > could be the answere but are not that cheap (kind of the whole idea).
>
> Just crimp an ethernet cable with only the rx couple.
Most modern switches and cards won't do the right thing without a TX lead
due to autonegotiation of speed/duplex settings. You might be able to get
around it by forcing settings, but it's ceratianly not the sure thing it
once was.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts@patriot.net which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
- Next message: Diaz Perez · Juan Carlos: "RE: [fw-wiz] Firewall Load balancing solution"
- Previous message: jankowsr@mskcc.org: "RE: [fw-wiz] stealth ports and IDS"
- In reply to: Zen: "Re: [fw-wiz] stealth ports and IDS"
- Next in thread: Todd Underwood: "Re: [fw-wiz] stealth ports and IDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
