IDS mailing list archives

Re: IDS Stealth Mode


From: Jonas Eriksson <je () sekure net>
Date: Sun, 12 Jan 2003 19:40:38 +0100 (CET)


Here are some more pages about making "sniffing cables" etc.

http://www.geocities.com/samngms/sniffing_cable/
http://www.ironcomet.com/sniffer.shtml
http://www.zweknu.org/technical/rx-only.html
http://www.e-secure-db.us/dscgi/ds.py/View/Collection-1842


/jonas

On Thu, 9 Jan 2003, Matt Simmons wrote:


I remember that a while back, I read an article on a way to clip the transmit
wires, or place a capacitor in line with them, which mucks up the signal and
effectively takes away the wire. The weakness in the situation that you
provided would be in the secure network, and physical access to the box,
imho.  I did a quick search of google of stealth ethernet, there might be
something more elegant out there. It seems pretty rough:

http://web.cuzuco.com/~cuzuco/stealth/

Good luck..
Matt Simmons
security () wirefire com

On Wednesday 08 January 2003 09:39 am, you wrote:
Retrying this post after 2 days:
A common deployment configuration of Network IDS is to have 2 NICs;
The monitoring interface in "stealth mode" with no IP
and
the "management" interface on a trusted internal network.

My question is:
Has anyone ever exploited the "stealth" interface to traverse networks?
Has anyone (else) ever had to defend such a configuration against the
argument:
"where there's a wire, there's a way"
?
r)(0)(m

--
 "Sometimes I lie awake at night, and I ask, 'Where have I gone wrong?'
Then a voice says to me, 'This is going to take more than one night.' "
--- Charlie Brown

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1 http://www.ebb.org/ungeek/
GCS/IT/CC d-- s++ a-- C---(++++)$ UL+++ P(!)+ L+++
W+(--) N+ w--- M+ V- PS+ PE Y++ PGP++ t++>+ 5- X+ R-
tv-->! b+++ DI++ D+++ G++ e h-(*) r--(*) y+(--)
------END GEEK CODE BLOCK------






--
 Favourite pickup line: Hey baby, wanna synchronize sequence numbers?
 Warning: not always effective


