Snort mailing list archives
RE: Receive Only Cable...
From: Frank Knobbe <FKnobbe () KnobbeITS com>
Date: Mon, 14 Jan 2002 23:10:09 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-----Original Message----- From: Abe L. Getchell [mailto:abegetchell () home com] Sent: Monday, January 14, 2002 11:02 PM You wouldn't be able to launch a DoS against the system per say, but the application (in this case Snort) the system was running. Since the packets _are not_ being processed by the sensor's IP stack (it's running in stealth mode with IP disabled), the 'system' _would not_ 'see' or process the packets _at all_.
Abe, yeah, you're right. If you remove IP from that interface, a DoS would not be possible. I was basing my response on the assumption that IP is active and only the RO-cable is used. On well protected box, IP should not be running, or at least with a different IP address. Thanks for stressing that point. Regards, Frank -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.8 Comment: PGP or S/MIME (X.509) encrypted email preferred. iQA/AwUBPEO5s8zYtOFvgXQfEQJQ+ACcC9QitLTTIVmv+AgXTmNQpOtHiUsAn3bq UMQCVcxJS8K7E18qtHuMqpMg =KGF2 -----END PGP SIGNATURE----- _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Receive Only Cable... Chris Arsenault (Jan 14)
- <Possible follow-ups>
- RE: Receive Only Cable... Frank Knobbe (Jan 14)
- Re: Receive Only Cable... Anthony Scalzitti (Jan 14)
- RE: Receive Only Cable... Abe L. Getchell (Jan 14)
- RE: Receive Only Cable... Frank Knobbe (Jan 14)
- Re: Receive Only Cable... Ian Masters (Jan 14)
- Re: Receive Only Cable... Erek Adams (Jan 15)