Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: stealth ports and IDS

From: "Paul D. Robertson" <proberts () patriot net>
Date: Thu, 3 Oct 2002 11:55:07 -0400 (EDT)
On Thu, 3 Oct 2002, Zen wrote:


      You can ifconfig the interface giving 0.0.0.0 address.


Some OS' might source packets from that address, that's probably a bad 
idea, no address is better than "0.0.0.0."



mitigate it I am looking at hardware network taps (read only). These
could be the answere but are not that cheap (kind of the whole idea).


      Just crimp an ethernet cable with only the rx couple.


Most modern switches and cards won't do the right thing without a TX lead 
due to autonegotiation of speed/duplex settings.  You might be able to get 
around it by forcing settings, but it's ceratianly not the sure thing it 
once was.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: