Security Basics mailing list archives
RE: Read Only Ethernet Cable
From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 12 Feb 2003 19:29:27 -0800
> I'm assuming here by the information you've given so if I'm wrong please correct me. You want to make a cable that allows the traffic to go in one direction. The idea being that your snort box does not send information, just receives it. I don't think you can do this with a special cable as Ethernet needs to be able to send acks back to let the sending side know that it received that data.
This would be true ONLY if the snort box were the intended destination of the traffic. BUT IT'S NOT! The snort box just wants to sniff traffic passing by it, between other endpoints. As long as the endpoints can acknowledge each other, the traffic will flow.

On a "repeated segment" (hub or mirrored switch port), the traffic will be visible at the snort box's NIC, and can be seen as long as the NIC is in promiscuous mode. The read-only cable ensures that nothing on the snort box will give itself away by sending on this segment, so (a) full duplex still works without fear of collisions, and (b) techniques for detecting sniffers will fail.

The question is: Is the wiring diagram correct? It looks about right to me, but I don't have a spec handy to check it against.

David Gillett
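A host-side check of the receive-only property described in the message above, as an added example that is not part of the original post: it compares two /proc/net/dev snapshots on a Linux sensor and reports whether the sniffing interface received frames without sending any. The interface names and the snapshot contents are constructed for illustration, and the check does not replace the cable.

```python
import sys
import time

# Constructed /proc/net/dev snapshots; eth1 is the assumed sensor interface.
HEADER = ("Inter-|   Receive                        |  Transmit\n"
          " face |bytes packets errs drop fifo frame compressed multicast"
          "|bytes packets errs drop fifo colls carrier compressed\n")
BEFORE = HEADER + ("  eth0: 900000 1500 0 0 0 0 0 0 120000 800 0 0 0 0 0 0\n"
                   "  eth1: 5000000 7000 0 0 0 0 0 0 0 0 0 0 0 0 0 0\n")
AFTER = HEADER + ("  eth0: 912000 1520 0 0 0 0 0 0 121500 815 0 0 0 0 0 0\n"
                  "  eth1: 5240000 7350 0 0 0 0 0 0 0 0 0 0 0 0 0 0\n")


def parse_proc_net_dev(text):
    """Return {interface: (rx_packets, tx_packets)} from /proc/net/dev text."""
    counters = {}
    for line in text.splitlines():
        name, sep, rest = line.partition(":")
        fields = rest.split()
        if not sep or len(fields) < 16:
            continue  # the two header lines carry no "name:" prefix
        # Fields 0-7 are receive counters, 8-15 transmit; packets are 1 and 9.
        counters[name.strip()] = (int(fields[1]), int(fields[9]))
    return counters


def sensor_verdict(before, after, iface):
    """Classify an interface from two snapshots: (verdict, rx_delta, tx_delta)."""
    old, new = parse_proc_net_dev(before), parse_proc_net_dev(after)
    if iface not in old or iface not in new:
        raise KeyError(f"{iface} not present in both snapshots")
    rx = new[iface][0] - old[iface][0]
    tx = new[iface][1] - old[iface][1]
    if tx > 0:
        return ("transmitting", rx, tx)  # host is sending on the sniffed segment
    if rx == 0:
        return ("blind", rx, tx)  # silent, but nothing is arriving either
    return ("passive", rx, tx)  # receiving only, as the message describes


if __name__ == "__main__":
    print(sensor_verdict(BEFORE, AFTER, "eth1"))  # constructed data
    if len(sys.argv) > 1:  # live check: pass the sensor interface name
        with open("/proc/net/dev") as f:
            first = f.read()
        time.sleep(10)
        with open("/proc/net/dev") as f:
            print(sensor_verdict(first, f.read(), sys.argv[1]))
```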