RE: Receive Only Cable...

[Frank Knobbe <FKnobbe () KnobbeITS com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> -----Original Message-----
> From: Abe L. Getchell [mailto:abegetchell () home com]
> Sent: Monday, January 14, 2002 11:02 PM
>
> You wouldn't be able to launch a DoS against the system per 
> say, but the
> application (in this case Snort) the system was running.  Since the
> packets _are not_ being processed by the sensor's IP stack 
> (it's running
> in stealth mode with IP disabled), the 'system' _would not_ 'see'
> or process the packets _at all_.  

Abe,

yeah, you're right. If you remove IP from that interface, a DoS would
not be possible. I was basing my response on the assumption that IP
is active and only the RO-cable is used. On well protected box, IP
should not be running, or at least with a different IP address.

Thanks for stressing that point.

Regards,
Frank



-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME (X.509) encrypted email preferred.

iQA/AwUBPEO5s8zYtOFvgXQfEQJQ+ACcC9QitLTTIVmv+AgXTmNQpOtHiUsAn3bq
UMQCVcxJS8K7E18qtHuMqpMg
=KGF2
-----END PGP SIGNATURE-----

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users