IDS mailing list archives
RE: IDS Stealth Mode
From: "Brito, Nelson (ISS Brazil)" <nbrito () iss net>
Date: Thu, 9 Jan 2003 11:00:59 -0200
About issue #1: Sometimes ago, you could crash some NIDS, even using "stealth NIC", with some tools, such as: stick and snot. Nowadays, I'm not sure about others products, but you cannot crash RealSecure Network Sensor 7.0 using this tools or any other one. The only way you were able to exploit the NIDS using "stealth NIC" was using DoS attacks, crashing the engine or even the host machine. I never saw any successful attack using "stealth NIC" to gain access to the LAN or any other internal network. About issue #2: Oh, yeah. But when you say that you don't have any protocol "binded" on this NIC nor "IP Forward" enabled, it's easier to the customer to understand that. Hope this help. Cheers. Sem mais, -- Nelson Brito System Engineer Internet Security Systems (Brazil) ____________________________________________________ Assembleia, 10/3310 | CEP: 20.011-901 Rio de Janeiro - RJ | NASDAQ: ISSX Phone/FAX: 55+21 2232-2929 | WEB: www.iss.net Mobile: 55+21 9963-2644 | The power to protect! ____________________________________________________ To contact me directly, please mailto:nbrito () iss net.
-----Original Message----- From: r)(o)(m [mailto:nom.de.guerre () bonbon net] Sent: Wednesday, January 08, 2003 12:40 PM To: focus-ids () securityfocus com Subject: IDS Stealth Mode Retrying this post after 2 days: A common deployment configuration of Network IDS is to have 2 NICs; Teh monitoring interface in "stealth mode" with no IP and the "management" interface on a trusted internal network. My question is: Has anyone ever exploited the "stealth" interface to traverse networks? Has anyone (else) ever had to defend such a configuration against the argument: "where there's a wire, there's a way" ? r)(0)(m
Current thread:
- IDS Stealth Mode r)(o)(m (Jan 08)
- Re: IDS Stealth Mode Kurt Seifried (Jan 09)
- Re: IDS Stealth Mode M. Dodge Mumford (Jan 10)
- Re: IDS Stealth Mode Talisker (Jan 11)
- Re: IDS Stealth Mode Dave Mitchell (Jan 11)
- Re: IDS Stealth Mode Matt Harris (Jan 11)
- RE: IDS Stealth Mode Aditya (Jan 12)
- RE: IDS Stealth Mode Brito, Nelson (ISS Brazil) (Jan 21)
- Re: IDS Stealth Mode Matt Simmons (Jan 21)
- Re: IDS Stealth Mode Jonas Eriksson (Jan 12)
- Re: IDS Stealth Mode Frank Knobbe (Jan 19)
- Re: IDS Stealth Mode Jonas Eriksson (Jan 12)