Security Basics mailing list archives
RE: TCP/IP services, Win2k, and Snort.
From: "Mark Ng" <laptopalias1-mark () informationintelligence net>
Date: Thu, 15 May 2003 10:22:56 +0100
Hi,

If you're in a situation where your security needs are very tight, you could put a receive only ethernet cable on the machine (google about, there should be a guide on the internet). Your switch may need special configuration to send traffic to this port though. This will ensure that the only attacks that should be possible against this machine are denial of service attacks, due to the fact that an attacker cannot get any network data back from the machine.

I guess my question is--without an IP address, in passive sniffer mode, and setting aside any vulnerabilities in snort (recent RPC and stream4 fr'instance), can its presence be detected (via MAC address?), and if so, with TCP/IP turned off for the interface, what kind of exploitation could it be vulnerable to? I know there are papers about how to detect promiscuous interfaces.
Such as: Having obtained the MAC address on the sniffing interface, could pure 802.b packets be sent to try to crack the box?