Re: [fw-wiz] stealth ports and IDS

From: Paul D. Robertson (proberts@patriot.net)
Date: 10/03/02


From: "Paul D. Robertson" <proberts@patriot.net>
To: Zen <zen@kill-9.it>
Date: Thu Oct  3 11:41:02 2002

On Thu, 3 Oct 2002, Zen wrote:

> You can ifconfig the interface giving 0.0.0.0 address.

Some OS' might source packets from that address, that's probably a bad
idea, no address is better than "0.0.0.0."
>
> > mitigate it I am looking at hardware network taps (read only). These
> > could be the answere but are not that cheap (kind of the whole idea).
>
> Just crimp an ethernet cable with only the rx couple.

Most modern switches and cards won't do the right thing without a TX lead
due to autonegotiation of speed/duplex settings. You might be able to get
around it by forcing settings, but it's ceratianly not the sure thing it
once was.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts@patriot.net which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation