Firewall Wizards mailing list archives
Re: stealth ports and IDS
From: Todd Underwood <todd () osogrande com>
Date: Thu, 3 Oct 2002 09:54:59 -0600 (MDT)
folx, On Thu, 3 Oct 2002, Zen wrote:
On Thu, Oct 03, 2002 at 10:29:21PM +1200, James X wrote:address or stack. I do not know of a way of acheiving this using linux or netBSD etc.. and without it I would feel rather vulnerable. To helpYou can ifconfig the interface giving 0.0.0.0 address.
careful here: i believe that under many versions of the linux kernel this will cause it to answer to 0.0.0.0 datagrams. usually not a problem if you have good perimeter security, but better to just up it without an address at all.
mitigate it I am looking at hardware network taps (read only). These could be the answere but are not that cheap (kind of the whole idea).Just crimp an ethernet cable with only the rx couple.
won't link, on almost all modern 10baseT hardware. the only way to do this, afaik, is to use a transciever from 10base5 connector. better sln may be to install a firewall on the IDS to block all outbound traffic. t. -- todd underwood, vp & cto oso grande technologies, inc. todd () osogrande com "Those who give up essential liberties for temporary safety deserve neither liberty nor safety." - Benjamin Franklin _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: SANS Top Ten and Commercial Firewalls, (continued)
- Re: SANS Top Ten and Commercial Firewalls H. Morrow Long (Oct 02)
- Re: SANS Top Ten and Commercial Firewalls Devdas Bhagat (Oct 02)
- stealth ports and IDS James X (Oct 03)
- Re: stealth ports and IDS Anton A. Chuvakin (Oct 03)
- Re: stealth ports and IDS Kevin Steves (Oct 03)
- Re: stealth ports and IDS Paul D. Robertson (Oct 03)
- Re: stealth ports and IDS Robert McMahon (Oct 03)
- Re: stealth ports and IDS Nilesh Chaudhari (Oct 05)
- stealth ports and IDS James X (Oct 03)
- Re: stealth ports and IDS Zen (Oct 03)
- Re: stealth ports and IDS Paul D. Robertson (Oct 03)
- Re: stealth ports and IDS Todd Underwood (Oct 03)
- Re: stealth ports and IDS Jim MacLeod (Oct 03)
- RE: stealth ports and IDS Ben Nagy (Oct 04)
- RE: stealth ports and IDS Frank Knobbe (Oct 04)
- Re: SANS Top Ten and Commercial Firewalls Paul D. Robertson (Oct 03)
- Re: SANS Top Ten and Commercial Firewalls Devdas Bhagat (Oct 04)
- Re: SANS Top Ten and Commercial Firewalls Paul D. Robertson (Oct 04)
- Re: SANS Top Ten and Commercial Firewalls Devdas Bhagat (Oct 04)
- Re: SANS Top Ten and Commercial Firewalls Paul Robertson (Oct 04)