Honeypots mailing list archives
RE: undetectable NIC in promiscuous mode
From: Jose_Maria_Gonzalez () dell com
Date: Fri, 5 Mar 2004 18:40:00 -0000
Yes indeed Daniel. In fact I have set-up something similar to what you just described below. Curt Purdy has pointed something out very interesting. The best way to make sure that our IDS in undetectable is to cut the TX pair.. Thanks Purdy again Rgds, Jose
-----Original Message----- From: Daniel F. Chief Security Engineer - [mailto:danielf () supportteam net] Sent: 05 March 2004 18:28 To: Gonzalez, Jose_Maria Subject: Re: undetectable NIC in promiscuous mode If it's plugged into a cisco or similar switch that you can get snmp stats from you will see only inbound traffic on that switch port, and no output. Otherwise, no it is not detectable by any means that Im aware of. Also if you have Cisco or mangable switches you can use spanning tree to dump all traffic for the switch or just the switches uplink to that port and have a most excellent IDS sensor that is undetectable. I do this myself. I also have a second NIC in the IDS sensor on a private network (both physical and IP) on which I do all my logging and reporting through. hope this helps. On Friday 05 March 2004 03:40, Jose_Maria_Gonzalez () dell com wrote:Hi There, Correct me if I am wrong but would a host with a NIC inpromiscuous modewith no IP set-up be detectable? Thanking you in advance, Rgds, Jose Gonzalez-- _,.-:*"``'*:-.,_,.-:*"``'*:-.,_,.-:*"``'*:-.,_,.-:*"``'*:-.,_, .-:*"``'*:-.,_ Daniel Fairchild - Chief Security Officer | danielf () supportteam net The distance between nothing and infinity is always the same no matter how close you get to nothing.
Current thread:
- undetectable NIC in promiscuous mode Jose_Maria_Gonzalez (Mar 05)
- Re: undetectable NIC in promiscuous mode Chris Brenton (Mar 05)
- RE: undetectable NIC in promiscuous mode Román Ramírez (Mar 05)
- RE: [inbox] undetectable NIC in promiscuous mode Curt Purdy (Mar 05)
- Re: [inbox] undetectable NIC in promiscuous mode Work (Mar 05)
- RE: [inbox] undetectable NIC in promiscuous mode Chris Brenton (Mar 05)
- Re: [inbox] undetectable NIC in promiscuous mode Secdigital (Mar 07)
- RE: undetectable NIC in promiscuous mode Simon Thornton (Mar 11)
- <Possible follow-ups>
- RE: undetectable NIC in promiscuous mode Jose_Maria_Gonzalez (Mar 05)
- Re: undetectable NIC in promiscuous mode Work (Mar 07)
- RE: undetectable NIC in promiscuous mode Walter, Mario {VIE-~Kaiseraugst} (Mar 08)
- Re: undetectable NIC in promiscuous mode Chris Brenton (Mar 05)