Vulnerability Development mailing list archives
RE: Firewall and IDS, (the second way).
From: PJD () portcullis-security com
Date: Tue, 19 Mar 2002 12:19:43 -0000
If you want your sensor to be non-invasive and undetectable, it's highly suggested that you use a special device, like the Shomiti (now Finisar) Century TAP:

PROS: full duplex support, fault tolerant, non-invasive network monitoring, undetectable, useful for switched environments (there's no longer need for a span port).
CONS: it's expensive for small environments.
Then you also have to consider the so-called Stealth mode, which is more typical of hubbed (perhaps smaller) environments, where no IP address is assigned to the interface; this makes it non-addressable but still available for promiscuous mode, hence IDS. In this mode the device should not respond to probing such as crafted multicast packets, and as its interface is not defined it would also not know its nameserver addresses, so would not attempt DNS queries.
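An audit of the "no IP address" condition described above, as an added example that is not part of the original post. It assumes a Linux sensor with iproute2 and parses output in the shape of `ip -json addr show`; the interface names and sample data are constructed. It goes one step beyond the message by also flagging IPv6 link-local addresses, which current kernels assign automatically.

```python
import json

# Constructed sample in the shape of `ip -json addr show` (assumed tooling: iproute2).
SAMPLE = json.dumps([
    {"ifname": "eth0", "flags": ["BROADCAST", "MULTICAST", "UP", "LOWER_UP"],
     "addr_info": [{"family": "inet", "local": "192.0.2.10", "prefixlen": 24}]},
    {"ifname": "eth1", "flags": ["BROADCAST", "MULTICAST", "PROMISC", "UP", "LOWER_UP"],
     "addr_info": [{"family": "inet6", "local": "fe80::a00:27ff:fe4e:66a1",
                    "prefixlen": 64}]},
    {"ifname": "eth2", "flags": ["BROADCAST", "MULTICAST", "PROMISC", "UP", "LOWER_UP"],
     "addr_info": []},
])


def audit_stealth(ip_json, sensor_ifaces):
    """Return {ifname: [findings]}; an empty list means the interface looks stealth."""
    by_name = {iface["ifname"]: iface for iface in json.loads(ip_json)}
    report = {}
    for name in sensor_ifaces:
        iface = by_name.get(name)
        if iface is None:
            report[name] = ["interface not present"]
            continue
        findings = []
        flags = set(iface.get("flags", []))
        # Any address makes the interface addressable, including an IPv6
        # link-local one that nobody configured by hand.
        for addr in iface.get("addr_info", []):
            findings.append(
                f"address assigned: {addr['family']} {addr['local']}/{addr['prefixlen']}")
        if "UP" not in flags:
            findings.append("interface is down, nothing is captured")
        # This flag reflects promiscuous mode set on the link itself
        # (ip link set <if> promisc on); a capture tool that requests it per
        # socket does not show up here.
        if "PROMISC" not in flags:
            findings.append("PROMISC flag not set")
        report[name] = findings
    return report


if __name__ == "__main__":
    for ifname, findings in audit_stealth(SAMPLE, ["eth1", "eth2"]).items():
        print(ifname, "OK" if not findings else "; ".join(findings))
```

On a live sensor, feed it the real output of `ip -json addr show` and the names of the monitoring interfaces.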