Firewall Wizards mailing list archives
RE: stealth ports and IDS
From: Frank Knobbe <fknobbe () knobbeits com>
Date: 04 Oct 2002 16:46:29 -0500
On Fri, 2002-10-04 at 13:47, Ben Nagy wrote:
This appears to be security urban myth. I (and others) have tried it. It doesn't work. (The problem is that most network devices will not bring up layer 1, because not all the wires are connected.)
The RO Cable I use works like a charm, so don't be so quick writing it off as an urban legend. The only drawback is that you can only use it on a plain-old, dumb hub, since my cable fakes the 'missing link' by crossing the receive pair back to send. That will confuse the heck out of switches (MAC table blow-up), but works fine on a hub. In those cases the line you are monitoring can only be half-duplex. If you want to monitor full-duplex links, you need to use a switch and configure a monitor port (or use taps and pipe their output onto a switch with a monitor port). If you want a diagram for that cable, let me know (or just look at the Snort FAQ). Regards, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Re: stealth ports and IDS, (continued)
- Re: stealth ports and IDS Anton A. Chuvakin (Oct 03)
- Re: stealth ports and IDS Kevin Steves (Oct 03)
- Re: stealth ports and IDS Paul D. Robertson (Oct 03)
- Re: stealth ports and IDS Robert McMahon (Oct 03)
- Re: stealth ports and IDS Nilesh Chaudhari (Oct 05)
- Re: stealth ports and IDS Zen (Oct 03)
- Re: stealth ports and IDS Paul D. Robertson (Oct 03)
- Re: stealth ports and IDS Todd Underwood (Oct 03)
- Re: stealth ports and IDS Jim MacLeod (Oct 03)
- RE: stealth ports and IDS Ben Nagy (Oct 04)
- RE: stealth ports and IDS Frank Knobbe (Oct 04)
- Re: SANS Top Ten and Commercial Firewalls Paul D. Robertson (Oct 03)
- Re: SANS Top Ten and Commercial Firewalls Devdas Bhagat (Oct 04)
- Re: SANS Top Ten and Commercial Firewalls Paul D. Robertson (Oct 04)
- Re: SANS Top Ten and Commercial Firewalls Devdas Bhagat (Oct 04)
- Re: SANS Top Ten and Commercial Firewalls Paul Robertson (Oct 04)