Re: [fw-wiz] stealth ports and IDS

From: Paul D. Robertson
Date: 10/03/02

From: "Paul D. Robertson" <>
To: Zen <>
Date: Thu Oct  3 11:41:02 2002

On Thu, 3 Oct 2002, Zen wrote:

> You can ifconfig the interface giving address.

Some OSes might source packets from that address; that's probably a bad
idea. No address is better than "".

> > mitigate it I am looking at hardware network taps (read only). These
> > could be the answer but are not that cheap (kind of the whole idea).
> Just crimp an ethernet cable with only the rx couple.

Most modern switches and cards won't do the right thing without a TX lead
due to autonegotiation of speed/duplex settings. You might be able to get
around it by forcing settings, but it's certainly not the sure thing it
once was.

Paul D. Robertson
"My statements in this message are personal opinions which may have no
basis whatsoever in fact."
Director of Risk Assessment
TruSecure Corporation
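
Added example, not part of the original message: a shell audit of a passive sensor interface covering both points in the thread, that the interface carries no address and that speed/duplex are forced rather than auto-negotiated. It assumes a Linux sensor and parses text in the format printed by `ip -o addr show` and `ethtool IFACE`; the interface names and sample output are constructed, and the IPv6 link-local case goes beyond what the thread mentions.

```shell
#!/bin/sh
# Audit a passive IDS sensor interface from command output (added example).

# Print every address bound to interface $1.
# stdin: output of `ip -o addr show` (field 2 = name, 3 = family, 4 = address).
sensor_addrs() {
    awk -v ifc="$1" '$2 == ifc && ($3 == "inet" || $3 == "inet6") { print $4 }'
}

# Print the current auto-negotiation state ("on" or "off").
# stdin: output of `ethtool IFACE`. The match is case-sensitive, so the
# "Supports auto-negotiation" capability line is not mistaken for the state.
autoneg_state() {
    awk -F': *' '/Auto-negotiation:/ { print $2; exit }'
}

# Constructed sample: eth1 was brought up with no IPv4 address, but it still
# carries an automatically assigned IPv6 link-local address.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever
3: eth1    inet6 fe80::211:22ff:fe33:4455/64 scope link \       valid_lft forever'

# Constructed sample: speed/duplex forced, auto-negotiation disabled.
SAMPLE_ETHTOOL='Settings for eth1:
    Supports auto-negotiation: Yes
    Speed: 100Mb/s
    Duplex: Full
    Auto-negotiation: off
    Link detected: yes'

# audit_sensor IFACE ADDR_TEXT ETHTOOL_TEXT
# Prints findings; returns 0 only if the interface is unaddressed and forced.
audit_sensor() {
    rc=0
    addrs=$(printf '%s\n' "$2" | sensor_addrs "$1")
    if [ -n "$addrs" ]; then
        echo "FAIL: $1 has address(es): $(echo $addrs)"; rc=1
    fi
    if [ "$(printf '%s\n' "$3" | autoneg_state)" != "off" ]; then
        echo "FAIL: $1 auto-negotiates; a cable without TX may not link"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $1 is unaddressed with forced speed/duplex"
    return "$rc"
}

# Demo on the constructed data; on a live sensor pass "$(ip -o addr show)"
# and "$(ethtool eth1)" instead.
audit_sensor eth1 "$SAMPLE_ADDRS" "$SAMPLE_ETHTOOL" || true
```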