Firewall Wizards mailing list archives

Re: stealth ports and IDS


From: Todd Underwood <todd () osogrande com>
Date: Thu, 3 Oct 2002 09:54:59 -0600 (MDT)

folx,

On Thu, 3 Oct 2002, Zen wrote:

> On Thu, Oct 03, 2002 at 10:29:21PM +1200, James X wrote:
> > address or stack. I do not know of a way of achieving this using linux
> > or netBSD etc.. and without it I would feel rather vulnerable. To help
>
>       You can ifconfig the interface giving 0.0.0.0 address.

careful here:  i believe that under many versions of the linux kernel this 
will cause it to answer to 0.0.0.0 datagrams.  usually not a problem if 
you have good perimeter security, but better to just up it without an 
address at all.

> > mitigate it I am looking at hardware network taps (read only). These
> > could be the answer but are not that cheap (kind of the whole idea).
>
>       Just crimp an ethernet cable with only the rx couple.

won't link, on almost all modern 10baseT hardware.  the only way to do
this, afaik, is to use a transceiver from 10base5 connector.  better sln 
may be to install a firewall on the IDS to block all outbound traffic.


t.

-- 
todd underwood, vp & cto
oso grande technologies, inc.
todd () osogrande com

"Those who give up essential liberties for temporary safety deserve
neither liberty nor safety." - Benjamin Franklin

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
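The two recommendations in Todd's reply (bring the sniffing interface up with no address at all, and firewall all outbound traffic from the IDS) translate into a short Linux script. This is an added example, not code from the thread or from any of its participants; it uses the modern `ip`/`sysctl`/`iptables` tools rather than the `ifconfig` of the original discussion, and the interface name `eth1` is an assumption. Without arguments it only prints the commands; `--apply` runs them (as root).

```shell
#!/bin/sh
# Added example (not from the thread): build the commands that turn a Linux
# interface into an address-less, receive-only IDS capture port and block
# anything the IDS host could send out of it. Interface "eth1" is assumed.

# Print the commands for a stealth capture interface on $1.
stealth_iface_cmds() {
    dev="$1"
    cat <<EOF
ip addr flush dev $dev
sysctl -w net.ipv6.conf.$dev.disable_ipv6=1
ip link set dev $dev arp off
ip link set dev $dev promisc on
ip link set dev $dev up
EOF
}

# Print firewall rules dropping every packet the host tries to send via $1
# (v4 and v6), so the IDS cannot be provoked into answering on the tap side.
outbound_block_cmds() {
    dev="$1"
    cat <<EOF
iptables -A OUTPUT -o $dev -j DROP
ip6tables -A OUTPUT -o $dev -j DROP
EOF
}

# Check after applying: succeed only if $1 carries no IPv4 or IPv6 address.
# Returns 2 when the ip tool is unavailable rather than reporting "stealth".
has_no_address() {
    command -v ip >/dev/null 2>&1 || return 2
    [ -z "$(ip -o addr show dev "$1" 2>/dev/null | grep -E 'inet6? ')" ]
}

if [ "${1:-}" = "--apply" ]; then
    dev="${2:-eth1}"
    { stealth_iface_cmds "$dev"; outbound_block_cmds "$dev"; } | sh -e
    has_no_address "$dev" && echo "$dev is up with no address"
else
    stealth_iface_cmds "${1:-eth1}"
    outbound_block_cmds "${1:-eth1}"
fi
```

The `disable_ipv6` line covers a case the 2002 thread predates: a current kernel assigns a link-local fe80:: address to any interface it brings up, so without it the "no address" interface would still answer IPv6 neighbour solicitations. `arp off` is belt-and-braces alongside the flushed address, and the OUTPUT rules are the software equivalent of the receive-only tap discussed above; the capture tool (tcpdump, snort) still sees everything because it reads from the interface in promiscuous mode below the firewall.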
