Firewall Wizards mailing list archives

stealth ports and IDS

From: James X <scouser () paradise net nz>
Date: 03 Oct 2002 22:29:21 +1200

When configuring IDS boxes my preference has always been for snort
running on a solaris sparc box.

For cost reasons I would like to use a non proprietry platform. Lets
face it Sun hardware is damn expensive.
One stumbling box has been the idea of a stealth port.  I usually
operate my IDS boxes with the interfaces in stealth mode ie no IP
address or stack. I do not know of a way of acheiving this using linux
or netBSD etc.. and without it I would feel rather vulnerable. To help
mitigate it I am looking at hardware network taps (read only). These
could be the answere but are not that cheap (kind of the whole idea).
What are peoples opinions ?

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

SANS Top Ten and Commercial Firewalls Gary Flynn (Oct 02)
- Re: SANS Top Ten and Commercial Firewalls H. Morrow Long (Oct 02)
- Re: SANS Top Ten and Commercial Firewalls Devdas Bhagat (Oct 02)
  - stealth ports and IDS James X (Oct 03)
    - Re: stealth ports and IDS Anton A. Chuvakin (Oct 03)
    - Re: stealth ports and IDS Kevin Steves (Oct 03)
    - Re: stealth ports and IDS Paul D. Robertson (Oct 03)
    - Re: stealth ports and IDS Robert McMahon (Oct 03)
    - Re: stealth ports and IDS Nilesh Chaudhari (Oct 05)
    - Re: stealth ports and IDS Zen (Oct 03)
    - Re: stealth ports and IDS Paul D. Robertson (Oct 03)
    - Re: stealth ports and IDS Todd Underwood (Oct 03)
    - Re: stealth ports and IDS Jim MacLeod (Oct 03)
    - RE: stealth ports and IDS Ben Nagy (Oct 04)

(Thread continues...)