|
Honeypots
mailing list archives
RE: [inbox] undetectable NIC in promiscuous mode
From: "Weaver, Woody" <woody.weaver () spcorp com>
Date: Fri, 5 Mar 2004 14:31:56 -0500
From: Curt Purdy [mailto:purdy () tecman com]
A sure way to avoid detection is to snip your TX lines 1&2.
<nit>
...except that even if you are not transmitting, you are still
establishing carrier. In a *really strongly controlled* environment, a
switch port that was live but was supposed to have no hosts attached
would be a give-away. In a *paranoid* environment, the loss of carrier
(while you attached a hub to the live port) without explanation would be
a give-away.
So what you would have to do is find a live cable, and do something like
use inductance to reproduce the electrical signal in the cable, and then
could monitor the connection at will.
In a *dead paranoid, tempest filled environment* its all fiber, of
course...
</nit>
--woody
Woody Weaver cell: 301 524 8138 (best)
Manager, GIT Security Planning mail: woody.weaver () spcorp com
Schering-Plough, Madison NJ land: 908 298 4953
Attachment:
smime.p7s
Description:
 By Date 
By Thread
Current thread:
- RE: [inbox] undetectable NIC in promiscuous mode Weaver, Woody (Mar 05)
|
Intro
