IDS mailing list archives
Re: IDS Sensor operation
From: Graeme Connell <gconnell () middlebury edu>
Date: Wed, 29 Sep 2004 09:42:09 -0400
An interface in promiscuous mode can still have an IP address. Just run ifconfig <interface> promiscand, voila! A promiscuous interface. It only means that it registers all packets that hit it. So to answer your question: An IPS can sniff traffic and send configuration information on the same interface. Hope this helps.
--Graeme Connell Vijai K (Infosec) - CTD, Chennai. wrote:
Hi folks Basically sensors operates with promiscuous mode interface for monitoring data,rite But there is an optionality in an IDS to alert the firewall (reconfigure)to block the intrusion IP, and also to kill the session or connectionby the sensor itself. this we see in Realsecure Network sensor 7.0 where there is a option called RSKILL. But the question is how is it possible for a interface in promiscuous mode to act like this since there is no binding in the interface(TCP/IP,etc). Did it uses other NIC which is for management purpose??? Hope u all understand the question Regds Vijai.KDISCLAIMER This message and any attachment(s) contained here are information that isconfidential, proprietary to HCL Technologies and its customers. Contents may be privileged or otherwise protected by law. The information is solely intended for the individual or the entity it is addressed to. If you are not the intended recipient of this message, you are not authorized to read, forward, print, retain, copy or disseminate this message or any part of it. If you have received this e-mail in error, please notify the sender immediately by return e-mail and delete it from your computer. -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
-------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- IDS Sensor operation Vijai K (Infosec) - CTD, Chennai. (Sep 28)
- Re: IDS Sensor operation Graeme Connell (Sep 30)
- <Possible follow-ups>
- RE: IDS Sensor operation Wozny, Scott (US - New York) (Sep 28)
- RE: IDS Sensor operation Joshua Berry (Sep 30)