Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

RE: stealth ports and IDS

From: jankowsr () mskcc org
Date: Thu, 3 Oct 2002 11:47:38 -0400
Linux Journal had an article on this a while back. Here's the link:
http://www.linuxjournal.com/article.php?sid=6222

--
Richard Jankowski
Senior Security Analyst
Information Security 
Memorial Sloan-Kettering Cancer Center
1050 Wall Street West - 5th Floor
Lyndhurst, NJ 07071
Ph: 201-635-5429
Fax: 201-507-1909


-----Original Message-----
From: proberts [mailto:proberts () patriot net]
Sent: Thursday, October 03, 2002 11:09 AM
To: scouser
Cc: firewall-wizards
Subject: Re: [fw-wiz] stealth ports and IDS


On 3 Oct 2002, James X wrote:


One stumbling box has been the idea of a stealth port.  I usually
operate my IDS boxes with the interfaces in stealth mode ie no IP
address or stack. I do not know of a way of acheiving this using linux
or netBSD etc.. and without it I would feel rather vulnerable. To help


Maybe it's just me, but how about just not putting an IP address on the 
interface?  

I doubt you can get away with not puting IP in the kernel, but I really 
don't know enough about how libpcap does its thing to say for sure...

Paul
------------------------------------------------------------------------
-----
Paul D. Robertson      "My statements in this message are personal 
opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure 
Corporation

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: