Firewall Wizards mailing list archives
RE: stealth ports and IDS
From: jankowsr () mskcc org
Date: Thu, 3 Oct 2002 11:47:38 -0400
Linux Journal had an article on this a while back. Here's the link: http://www.linuxjournal.com/article.php?sid=6222 -- Richard Jankowski Senior Security Analyst Information Security Memorial Sloan-Kettering Cancer Center 1050 Wall Street West - 5th Floor Lyndhurst, NJ 07071 Ph: 201-635-5429 Fax: 201-507-1909 -----Original Message----- From: proberts [mailto:proberts () patriot net] Sent: Thursday, October 03, 2002 11:09 AM To: scouser Cc: firewall-wizards Subject: Re: [fw-wiz] stealth ports and IDS On 3 Oct 2002, James X wrote:
One stumbling box has been the idea of a stealth port. I usually operate my IDS boxes with the interfaces in stealth mode ie no IP address or stack. I do not know of a way of acheiving this using linux or netBSD etc.. and without it I would feel rather vulnerable. To help
Maybe it's just me, but how about just not putting an IP address on the interface? I doubt you can get away with not puting IP in the kernel, but I really don't know enough about how libpcap does its thing to say for sure... Paul ------------------------------------------------------------------------ ----- Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: stealth ports and IDS jankowsr (Oct 03)
- <Possible follow-ups>
- RE: stealth ports and IDS Bruce Platt (Oct 03)