Bugtraq mailing list archives
Re: Antisniff thoughts
From: crowland () PSIONIC COM (Craig H. Rowland)
Date: Tue, 27 Jul 1999 00:17:30 -0500
FYI,
Workaround: one interface as a normal address on a normal reachable net, and a second interface configured as above sniffing a *different* net. Useful setup for remotely-administerable IDS boxes; real address lives on a protected inside net, sniffing interface plugs in to watch the dirty one but is not addressable.
Cisco NetRanger is setup this way by default. One interface is for command and control and is usually isolated. The sniffing interface has no protocols bound to it. This is for a variety of reasons, the main one being it isolates the IDS from direct attack. Not a product plug, just a note that some people do this already. -- Craig
Current thread:
- Antisniff thoughts *Hobbit* (Jul 25)
- Re: Antisniff thoughts David Dyer-Bennet (Jul 26)
- Re: Antisniff thoughts + AASS Patch Mike Perry (Jul 26)
- Re: Antisniff thoughts Craig H. Rowland (Jul 26)
- <Possible follow-ups>
- Re: Antisniff thoughts blue0ne (Jul 26)
- Re: Antisniff thoughts Wolfram Schmidt (Jul 27)