Firewall Wizards mailing list archives
Re: stealth ports and IDS
From: Kevin Steves <stevesk () pobox com>
Date: Thu, 3 Oct 2002 09:20:20 -0700
On Thu, Oct 03, 2002 at 10:59:29AM -0400, Anton A. Chuvakin wrote:
address or stack. I do not know of a way of acheiving this using linux or netBSD etc.. and without it I would feel rather vulnerable. To helpWell, in Linux its really simple: ifconfig eth1 up with enable the interface with no IP. Just use the snort with "snort -i eth1" and you are in action.
A 0 addr up interface may transmit. I know OpenBSD will currently respond to ARP requests for 0.0.0.0 in this case; NetBSD should not (from my examination of the source). And there may be other transmit cases for a 0.0.0.0 up interface (I suspect there probably are) depending on OS. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- SANS Top Ten and Commercial Firewalls Gary Flynn (Oct 02)
- Re: SANS Top Ten and Commercial Firewalls H. Morrow Long (Oct 02)
- Re: SANS Top Ten and Commercial Firewalls Devdas Bhagat (Oct 02)
- stealth ports and IDS James X (Oct 03)
- Re: stealth ports and IDS Anton A. Chuvakin (Oct 03)
- Re: stealth ports and IDS Kevin Steves (Oct 03)
- Re: stealth ports and IDS Paul D. Robertson (Oct 03)
- Re: stealth ports and IDS Robert McMahon (Oct 03)
- Re: stealth ports and IDS Nilesh Chaudhari (Oct 05)
- stealth ports and IDS James X (Oct 03)
- Re: stealth ports and IDS Zen (Oct 03)
- Re: stealth ports and IDS Paul D. Robertson (Oct 03)
- Re: stealth ports and IDS Todd Underwood (Oct 03)
- Re: stealth ports and IDS Jim MacLeod (Oct 03)
- RE: stealth ports and IDS Ben Nagy (Oct 04)
- RE: stealth ports and IDS Frank Knobbe (Oct 04)