Vulnerability Development mailing list archives
Re: Firewall and IDS, (the second way).
From: "Zow" Terry Brugger <zow () llnl gov>
Date: Wed, 20 Mar 2002 08:55:56 -0800
Then you also have to consider the so called Stealth mode, which is more typical of a hubbed (perhaps smaller) environments, where no IP address is assigned to the interface, this makes it non addressable but still available for promiscious mode hence IDS. In this mode the device should not respond to probing such as crafted multicast packets, and as its interface is not defined it would also not know its nameserver addresses so not attempt DNS queries.
You know, I was just thinking about this some more: is there any way (assuming that you have sufficient access to a given LAN) to illicit a response from an Ethernet device directly, regardless of what higher level protocols may or may not be bound to it? I mean, every Ethernet interface has a unique address, and there are at least protocols to map IPs to those addresses (ARP) and back (RARP), so is there anyway that you could maybe generate an invalid Ethernet frame, send it to some Ethernet address and get a response? Granted, I doubt this'll be much use in mapping networks blindly though, as the space for MAC addresses is huge, and can be easily defended against by snipping the transmit wire on the incoming Ethernet cable (ignoring the convolutions that must be done along with that). -"Zow" use standardDisclaimer
Current thread:
- Firewall and IDS, (the second way). sekure (Mar 15)
- Re: Firewall and IDS, (the second way). Zow (Mar 15)
- RE: Firewall and IDS, (the second way). Benjamin P. Grubin (Mar 16)
- Re: Firewall and IDS, (the second way). Bryan Burns (Mar 16)
- RE: Firewall and IDS, (the second way). Dom De Vitto (Mar 16)
- Re: Firewall and IDS, (the second way). Michel Arboi (Mar 16)
- Re: Firewall and IDS, (the second way). Timothy J. Miller (Mar 19)
- Re: Firewall and IDS, (the second way). Anthony Stevens (Mar 20)
- <Possible follow-ups>
- Re: Firewall and IDS, (the second way). Marco Ivaldi (Mar 18)
- RE: Firewall and IDS, (the second way). PJD (Mar 19)
- Re: Firewall and IDS, (the second way). Zow (Mar 20)
- RE: Firewall and IDS, (the second way). Pedro Quintanilha (Mar 19)
- RE: Firewall and IDS, (the second way). Bojan Zdrnja (Mar 20)
- RE: Firewall and IDS, (the second way). Pedro Quintanilha (Mar 20)
- RE: Firewall and IDS, (the second way). Bojan Zdrnja (Mar 20)
- Re: Firewall and IDS, (the second way). Zow (Mar 15)