Penetration Testing mailing list archives
Re: [PEN-TEST] IDS identification and a personal cry for help :)
From: Domenico De Vitto <dom () DEVITTO DEMON CO UK>
Date: Fri, 18 Aug 2000 22:58:13 +0100
Yep, this works too, but if you've a switch, you just put that port as a receive-everything-on-all-vlans mode.

Strangely, nobody has mentioned simply not having an IP stack on the interface - à la SunScreens.

I am right in saying that the very first IDS (by Texas Uni) was an external DOS box that just sniff'd & logged without having a network stack at all?

Dom

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM] On Behalf Of Michael Schubert
Sent: 18 August 2000 02:59
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] IDS identification and a personal cry for help :)
The correctly paranoid install Ethernet or optical (depending on flavor of sniffed connection) condoms aka the Shomiti Century tap for 10/100/1000 Ethernet utp or optical from www.shomiti.com or the netoptics %80/%20 optical splitters from www.netoptics.com. With them in place and either no management connection or a properly isolated management connection (i.e. no connection to the Internet) it really doesn't matter what ports are or are not open on your IDS because the tap is one way, it doesn't have a connection to the transmit side of your IDS (except to
Along this same line, the poor-man's solution to this, I believe, would be to simply use a hub between box A and box B with box C on the hub with the transmit pair of the rj45 disconnected (cut-out). I'm thinking this would achieve the same effect of a completely muted promisc box, although this wouldn't be possible with fiber. Anyone ever tried this?

--
Michael Schubert -- schubert () fsck org