Re: IDS on an internal server

From: Joe Lyman (JLyman@graphicproducts.com)
Date: 08/15/01


Message-Id: <sb7a8c3b.049@gw.graphicproducts.com>
Date: Wed, 15 Aug 2001 14:50:01 -0700
From: "Joe Lyman" <JLyman@graphicproducts.com>
To: <adokey@reidtool.com>, <focus-ms@securityfocus.com>
Subject: Re: IDS on an internal server

We ran the same thing on a Linux box behind our router with no problems. I would recommend using a one-way sniffer cable, which can be easily constructed (5 min). See http://personal.ie.cuhk.edu.hk/~msng0/sniffing_cable/index.htm

The one-way cable gives almost unbreachable security for your IDS on that NIC.

The page isn't too specific about the capacitor. I'm using a 100mF 16v capacitor for my 10MB connection and it works fine. A smaller one would work for 100MB, perhaps a 47mF.

-Joseph Lyman
Graphic Products, Inc.
503-644-5572 ex 5662
800-788-5572 Toll Free
jlyman@graphicproducts.com

>>> Aaron Dokey <adokey@reidtool.com> 08/15/01 10:44AM >>>
I have a win2k box on my trusted internal network that processes logs,
monitors other machines, etc... I would like to put a NIC in this machine
with no bindings to any protocol or service for the sole purpose of putting
snort right behind our internet router. I don't see any security
implications as long as no protocols or services are bound to the interface
but I'd like to double check. Any complications that I am missing? Anyone
have a similar configuration?

Thank you,
Aaron Dokey
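As an added example (not from either message in this thread), a PowerShell check for the "capture NIC with nothing bound to it" setup Aaron describes. It assumes a modern Windows host with the NetAdapter cmdlets (Windows 8 / Server 2012 or later; they did not exist on Windows 2000) and an adapter named "Capture", both of which are assumptions:

```powershell
# Added example, not code from the thread. Reports whether a dedicated sniffing
# adapter still has any protocol/service bound to it or any IP address on it,
# and optionally strips the remaining bindings. Adapter name is an assumption.
function Test-CaptureNic {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [switch] $Fix          # when set, disable every binding still enabled
    )

    $adapter = Get-NetAdapter -Name $Name -ErrorAction Stop

    # Everything still bound to the adapter: TCP/IP, Client for Microsoft
    # Networks, File and Printer Sharing, and so on. For a pure capture NIC
    # this list should be empty so the host does not talk on that wire.
    $bound = Get-NetAdapterBinding -Name $Name | Where-Object { $_.Enabled }

    if ($Fix -and $bound) {
        Disable-NetAdapterBinding -Name $Name -AllBindings
        $bound = Get-NetAdapterBinding -Name $Name | Where-Object { $_.Enabled }
    }

    # Any address left on the interface (an IPv6 link-local one counts) means
    # the stack can still originate traffic from it.
    $addrs = Get-NetIPAddress -InterfaceAlias $Name -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Adapter         = $adapter.Name
        Status          = $adapter.Status
        EnabledBindings = @($bound | ForEach-Object { $_.ComponentID })
        Addresses       = @($addrs | ForEach-Object { $_.IPAddress })
        Stealth         = (-not $bound) -and (-not $addrs)
    }
}

# Usage: Test-CaptureNic -Name "Capture"        (report only)
#        Test-CaptureNic -Name "Capture" -Fix   (disable all bindings, then report)
```

A result with Stealth = True is the software-side equivalent of the configuration the question asks about; the one-way cable in the reply removes the transmit path in hardware regardless of what the stack does.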
