Wireshark mailing list archives
Re: One NIC on public side
From: "mike () grounded net" <mike () grounded net>
Date: Wed, 19 May 2010 16:28:06 -0500
I didn't realize that you could actually send Wireshark data which it might be able to intercept and process. I don't want to take any chances and it sounded hazy. Your reply tells me that while it's ok, can be done, still not a good idea.

I could use another interface on the firewall but that's getting into unneeded complexities. I think I'll just monitor from inside and use outside only when watching real time.

Thanks for your input on this.

Mike

On Wed, 19 May 2010 22:11:07 +0200, Marc Luethi wrote:
> On Wed, 2010-05-19 at 14:05 -0500, mike () grounded net wrote:
>> It was suggested that I take all protocols off of Nic1 which would make it safe to have on the public side.
>
> Definitely. That NIC should be as "quiet" as possible, if anyhow possible even completely passive.
>
>> What I'm looking for is input on just how safe this setup is.
>
> As long as the interface is completely passive, has no IP address and no services/listeners bound to it, it's a safe start.
>
> However, Wireshark is a piece of software that processes any data flow to and from your firewall, and its protocol dissectors are not immune to attacks:
>
> http://www.wireshark.org/security/
>
> I do not mean to bash Wireshark or anything, it is truly one great piece of software, that helped my employer a great deal (even saved us from the Spanish inqui... er... the FSA once). But as with all software, bugs are there, buffer overflows can happen...
>
> If I were your security officer, I would support this setup only if the capturing system's "inside" interface was moved into a DMZ and Wireshark was used by some form of remote desktop functionality.
>
> regards
> Marc

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
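The condition quoted in this message (capture interface with no IP address and no listeners bound to it) can be checked mechanically. The script below is an added example, not part of the thread; it assumes a Linux capture host with iproute2 (`ip`, `ss`), and the interface names and sample output in it are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): check that a capture NIC is passive.
# The parsers read command output on stdin, so they work on live or saved output:
#   ip -o addr show | iface_addresses eth1
#   ss -Hlntu       | iface_listeners eth1

# Addresses (IPv4 and IPv6) that `ip -o addr show` reports for interface $1.
iface_addresses() {
    awk -v ifc="$1" '$2 == ifc && ($3 == "inet" || $3 == "inet6") { print $3, $4 }'
}

# Listening sockets from `ss -Hlntu` bound to device $1; ss prints such a
# binding as address%device:port in the local-address column.
iface_listeners() {
    awk -v ifc="$1" 'split($5, p, "%") == 2 {
        sub(/:[^:]*$/, "", p[2])
        if (p[2] == ifc) print $1, $5
    }'
}

# Return 0 only if interface $1 has no address and no device-bound listener.
# $2 = text of `ip -o addr show`, $3 = text of `ss -Hlntu`.
is_passive() {
    [ -z "$(printf '%s\n' "$2" | iface_addresses "$1")" ] &&
    [ -z "$(printf '%s\n' "$3" | iface_listeners "$1")" ]
}

# Constructed sample output: eth1 has no IPv4 address, but still carries an
# auto-configured IPv6 link-local address and a DHCPv6 client socket.
sample_ip_addr() {
    cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth0\       valid_lft forever preferred_lft forever
3: eth1    inet6 fe80::5054:ff:fe00:1/64 scope link \       valid_lft forever preferred_lft forever
EOF
}
sample_ss() {
    cat <<'EOF'
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
udp   UNCONN 0      0      [fe80::5054:ff:fe00:1]%eth1:546     [::]:*
udp   UNCONN 0      0          10.0.0.5%eth0:68        0.0.0.0:*
EOF
}

is_passive eth1 "$(sample_ip_addr)" "$(sample_ss)" \
    && echo "eth1: passive" || echo "eth1: NOT passive"
```

On a live host, `is_passive eth1 "$(ip -o addr show)" "$(ss -Hlntu)"` runs the same check. The sample shows a case that removing only the IPv4 configuration misses: the IPv6 link-local address stays on the interface.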