Honeypots mailing list archives
RE: undetectable NIC in promiscuous mode
From: Simon Thornton <simon.thornton () swift com>
Date: Thu, 11 Mar 2004 15:34:31 +0100
Hi Jose, I prefer the use of hardware TAPs on links, these isolate the IDS completely from the link and make the system undetectable. As the TAP prevents any device on the monitor ports from injecting data into the link, it doesn't matter if the IDS interface is configured with an IP or not. Of course there is a cost to this, they aren't cheap. I found it easier to convince the network guys that inserting the TAP is a lower risk than relying on special cables. Once installed the TAP is invisible to the link being monitored. There are quite a few vendors, have a look at networkcritical.co.uk - their TAP range covers Copper and Fibre along with a variety of packaging options. One point to remember with TAP vendors (finisar comes to mind), most sell the TAP as part of a monitoring solution and usually do not support other uses (though they work just fine). Rgds, Simon -----Original Message----- From: Jose_Maria_Gonzalez () dell com [mailto:Jose_Maria_Gonzalez () dell com] Sent: Friday, March 05, 2004 10:41 To: honeypots () securityfocus com Subject: undetectable NIC in promiscuous mode Hi There, Correct me if I am wrong but would a host with a NIC in promiscuous mode with no IP set-up be detectable? Thanking you in advance, Rgds, Jose Gonzalez
Attachment:
smime.p7s
Description:
Current thread:
- undetectable NIC in promiscuous mode Jose_Maria_Gonzalez (Mar 05)
- Re: undetectable NIC in promiscuous mode Chris Brenton (Mar 05)
- RE: undetectable NIC in promiscuous mode Román Ramírez (Mar 05)
- RE: [inbox] undetectable NIC in promiscuous mode Curt Purdy (Mar 05)
- Re: [inbox] undetectable NIC in promiscuous mode Work (Mar 05)
- RE: [inbox] undetectable NIC in promiscuous mode Chris Brenton (Mar 05)
- Re: [inbox] undetectable NIC in promiscuous mode Secdigital (Mar 07)
- RE: undetectable NIC in promiscuous mode Simon Thornton (Mar 11)
- <Possible follow-ups>
- RE: undetectable NIC in promiscuous mode Jose_Maria_Gonzalez (Mar 05)
- Re: undetectable NIC in promiscuous mode Work (Mar 07)
- RE: undetectable NIC in promiscuous mode Walter, Mario {VIE-~Kaiseraugst} (Mar 08)
- Re: undetectable NIC in promiscuous mode Chris Brenton (Mar 05)