Honeypots mailing list archives
RE: [inbox] undetectable NIC in promiscuous mode
From: "Curt Purdy" <purdy () tecman com>
Date: Fri, 5 Mar 2004 14:56:57 -0600
Weaver, Woody wrote:
In a *really strongly controlled* environment, a switch port that was live but was supposed to have no hosts attached would be a give-away. In a *paranoid* environment, the loss of carrier (while you attached a hub to the live port) without explanation would be a give-away.
Jeese, I found someone more paranoid than me ;) Actually I was thinking in relation to an IDS being detected by an attacker. This is the mode I run Snort on to prevent that. Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA Information Security Engineer DP Solutions ---------------------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- White House cybersecurity adviser Richard Clarke
Current thread:
- RE: [inbox] undetectable NIC in promiscuous mode Weaver, Woody (Mar 05)
- RE: [inbox] undetectable NIC in promiscuous mode Curt Purdy (Mar 05)
- Re: [inbox] undetectable NIC in promiscuous mode Valdis . Kletnieks (Mar 08)
- <Possible follow-ups>
- RE: [inbox] undetectable NIC in promiscuous mode Bement, Daniel (Mar 05)
- RE: [inbox] undetectable NIC in promiscuous mode Chris Brenton (Mar 07)
- RE: [inbox] undetectable NIC in promiscuous mode Roger A. Grimes (Mar 07)
- Re: [inbox] undetectable NIC in promiscuous mode Ian Baker (Mar 07)
- RE: [inbox] undetectable NIC in promiscuous mode Teicher, Mark (Mark) (Mar 08)