Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Antisniff thoughts
From: crowland () PSIONIC COM (Craig H. Rowland)
Date: Tue, 27 Jul 1999 00:17:30 -0500


FYI,

Workaround: one interface as a normal address on a normal reachable net, and a
second interface configured as above sniffing a *different* net.  Useful
setup for remotely-administerable IDS boxes; real address lives on a protected
inside net, sniffing interface plugs in to watch the dirty one but is not
addressable.

Cisco NetRanger is setup this way by default. One interface is for command
and control and is usually isolated. The sniffing interface has no
protocols bound to it. This is for a variety of reasons, the main one
being it isolates the IDS from direct attack. Not a product plug, just a
note that some people do this already.

-- Craig


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault