Snort mailing list archives
RE: Setting up a Windowz Interface to monitor with no IP Address
From: "Slighter, Tim" <tslighter () itc nrcs usda gov>
Date: Fri, 28 Jun 2002 09:32:12 -0600
depends upon the circumstances. the assumption here might be that one machine is hooked up into an isolated port mirror where there are no other machines connected. in addition, having the DHCP service disabled prevents is from going out and attempting to obtain an IP address from anything. Of course, with Win2K, the easiest of all is to simply uncheck "Internet Protocol TCP" -----Original Message----- From: Mike Shaw [mailto:mshaw () wwisp com] Sent: Friday, June 28, 2002 9:26 AM To: Slighter, Tim; 'Michael Steele'; 'Scot Scot' Cc: snort-users () lists sourceforge net Subject: RE: [Snort-users] Setting up a Windowz Interface to monitor with no IP Address At 07:38 AM 6/28/2002 -0600, Slighter, Tim wrote:
I did find that for those who are uncomfortable with poking away at the registry blindfolded, there is an easier way to setup a "stealth" interface on a windows system. Just simply configure the interface for DHCP and it will never obtain an IP address but will still be in the "UP" state.
Hmmmm...that's a little scary. All it takes is a rogue DHCP server to give it whatever ip address you want. Try it on a lan segment sometime (assuming it's one you're responsible for and you know what you're doing), you'll be amazed at what devices suddently pop up on the network. Switches, hubs, print servers, remote access devices....this used to be especially true where the standard protocol was IPX and TCP/IP was not even considered. I wouldn't recommend this particular technique. -Mike ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Caffeinated soap. No kidding. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Setting up a Windowz Interface to monitor with no IP Address Slighter, Tim (Jun 28)
- <Possible follow-ups>
- RE: Setting up a Windowz Interface to monitor with no IP Address Slighter, Tim (Jun 28)
- RE: Setting up a Windowz Interface to monitor with no IP Address Hicks, John (Jun 28)