RE: Host SecurityFrom: Steve Vawter (firstname.lastname@example.org)
- Previous message: Craig Brauckmiller: "IIS 5 Log FIle Question"
- Maybe in reply to: Skokan, Paul: "Host Security"
- Next in thread: Meritt James: "Re: Host Security"
- Reply: Meritt James: "Re: Host Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Steve Vawter <email@example.com> To: "'ash'" <firstname.lastname@example.org>, "Skokan, Paul" <Paul.Skokan@netapp.com> Date: Fri, 10 May 2002 10:04:00 -0700
One suggestion that I recall from a very old paper (either "There Be
Dragons" by Steven M. Bellovin 1992 or "An Evening with Berferd ..." by Bill
Cheswick 1991 (likely *the* original honey pot!)) talk of cutting the
transmit wires on any sensors that you use. I am not sure if this is still
workable on today's switches, but it may be with the right settings on the
UNIX SYSTEM ADMINISTRATOR
Zone Labs, Inc.
1060 Howard Street
San Francisco CA 94103
Skokan, Paul wrote:
>I am running some FreeBSD boxes as various network monitoring hosts. The
hosts have multiple interfaces on them sniffing different network segments.
The hosts have one management interface with an IP address assigned to the
interface and the other ethernet interfaces do not have IP address assigned.
I am wondering if there are any vulnerabilities with having one of these
monitoring interfaces sit on a public network. Can the hosts be hacked at
all on the monitoring interface without an IP address...If so, how?
Thats a really good question. The only way I can see it hapening is if
either the NIC's broadcast any info over the network, a internel user
knowing the MAC addresses and crawling their way in that way, or
possibly scanning for NIC's in promiscous mode.