RE: Host Security

From: Steve Vawter (svawter@zonelabs.com)
Date: 05/10/02 

From: Steve Vawter <svawter@zonelabs.com>
To: "'ash'" <ashcrow@phreaker.net>, "Skokan, Paul" <Paul.Skokan@netapp.com>
Date: Fri, 10 May 2002 10:04:00 -0700

One suggestion that I recall from a very old paper (either "There Be
Dragons" by Steven M. Bellovin 1992 or "An Evening with Berferd ..." by Bill
Cheswick 1991 (likely *the* original honey pot!)) talk of cutting the
transmit wires on any sensors that you use. I am not sure if this is still
workable on today's switches, but it may be with the right settings on the
port...

Steve Vawter
UNIX SYSTEM ADMINISTRATOR
Zone Labs, Inc.
1060 Howard Street
San Francisco CA 94103
ph 415-341-8323
fax 415-341-8299
cell 510-409-9184
pager 877-933-0549

-----Original Message-----
From: ash [mailto:ashcrow@phreaker.net]
Sent: Thursday, May 09, 2002 8:40 PM
To: Skokan, Paul
Cc: 'security-basics@securityfocus.com'
Subject: Re: Host Security

Skokan, Paul wrote:

>I am running some FreeBSD boxes as various network monitoring hosts. The
hosts have multiple interfaces on them sniffing different network segments.
The hosts have one management interface with an IP address assigned to the
interface and the other ethernet interfaces do not have IP address assigned.
I am wondering if there are any vulnerabilities with having one of these
monitoring interfaces sit on a public network. Can the hosts be hacked at
all on the monitoring interface without an IP address...If so, how?
>
>Paul
>
Thats a really good question. The only way I can see it hapening is if
either the NIC's broadcast any info over the network, a internel user
knowing the MAC addresses and crawling their way in that way, or
possibly scanning for NIC's in promiscous mode.

Ash

Relevant Pages

  • Re: Host Security
    ... Steve Vawter wrote: ... > hosts have multiple interfaces on them sniffing different network segments. ... > interface and the other ethernet interfaces do not have IP address assigned. ...
    (Security-Basics)
  • Re: Help with simple routing
    ... >> The first two routes for the Ethernet interfaces are wrong. ... only if you want to reach hosts which are not part of the ... network directly attached. ... be able to ping your ISDN router and the hosts on ...
    (comp.os.linux.networking)
  • Multihomed Question
    ... is also possible for hosts to have more than one IP ... have only one iface, eth1, used for a network. ... rest of the interfaces are usb, ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
    (Debian-User)
  • Source MAC addresses when bridge(4) used
    ... messages on one of the hosts in my network. ... FreeBSD bridge to the rest of my network (there aren't enuf network ... laptop1 is repeating the same "moved" message: ... why is laptop1 seeing packets coming from both interfaces on ...
    (freebsd-stable)
  • Re: How to save the Firewall Zone setup for wireless Interface setting
    ... Run YaST2 again, and setup the card to managed, start on boot, no usercontrol, ... no network manager, and save. ... # setting up a lot of interfaces. ... # Switch on/off debug messages for all network configuration stuff. ...
    (alt.os.linux.suse)