Re: IDS Sensor operation
From: Graeme Connell (gconnell_at_middlebury.edu)
Date: 09/29/04
- Previous message: Jason: "Re: IPS, alternative solutions"
- In reply to: Vijai K (Infosec) - CTD, Chennai.: "IDS Sensor operation"
- Next in thread: Joshua Berry: "RE: IDS Sensor operation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 29 Sep 2004 09:42:09 -0400 To: "Vijai K (Infosec) - CTD, Chennai." <vijaik@ctd.hcltech.com>
An interface in promiscuous mode can still have an IP address. Just run
ifconfig <interface> promisc
and, voila! A promiscuous interface. It only means that it registers
all packets that hit it. So to answer your question: An IPS can sniff
traffic and send configuration information on the same interface. Hope
this helps.
--Graeme Connell
Vijai K (Infosec) - CTD, Chennai. wrote:
>Hi folks
>
>
>Basically sensors operates with promiscuous mode interface for monitoring
>data,rite
>But there is an optionality in an IDS to alert the firewall (reconfigure)to
>block the intrusion IP, and also to kill the session or connectionby the
>sensor itself.
>
>this we see in Realsecure Network sensor 7.0 where there is a option called
>RSKILL.
>
>But the question is how is it possible for a interface in promiscuous mode
>to act like this since there is no binding in the interface(TCP/IP,etc).
>
>Did it uses other NIC which is for management purpose???
>
>Hope u all understand the question
>
>
>
>Regds
>Vijai.K
>
>
>
>DISCLAIMER
>This message and any attachment(s) contained here are information that is
>confidential, proprietary to HCL Technologies and its customers. Contents
>may be privileged or otherwise protected by law. The information is solely
>intended for the individual or the entity it is addressed to. If you are not
>the intended recipient of this message, you are not authorized to read,
>forward, print, retain, copy or disseminate this message or any part of it.
>If you have received this e-mail in error, please notify the sender
>immediately by return e-mail and delete it from your computer.
>
>
>
>--------------------------------------------------------------------------
>Test Your IDS
>
>Is your IDS deployed correctly?
>Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
>Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
>--------------------------------------------------------------------------
>
>
>
>
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------
- Previous message: Jason: "Re: IPS, alternative solutions"
- In reply to: Vijai K (Infosec) - CTD, Chennai.: "IDS Sensor operation"
- Next in thread: Joshua Berry: "RE: IDS Sensor operation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
