Wireshark mailing list archives
Re: One NIC on public side
From: Marc Luethi <netztier () bluewin ch>
Date: Wed, 19 May 2010 22:11:07 +0200
On Wed, 2010-05-19 at 14:05 -0500, mike () grounded net wrote:
It was suggested that I take all protocols off of Nic1 which would make it safe to have on the public side.
Definitely. That NIC should be as "quiet" as possible, if anyhow possible even completely passive.
What I'm looking for is input on just how safe this setup is.
As long as the Interface is completely passive, has no IP address and no services/listeners bound to it, it's a safe start. However, Wireshark is a piece of software that processes any data flow to and from your firewall, and its protocol dissectors are not immune to attacks: http://www.wireshark.org/security/ I do not mean to bash Wireshark or anything, it is truly one great piece of software, that helped my employer a great deal (even saved us from the spanish inqui... er... the FSA once). But as with all software, bugs are there, buffer overflows can happen... If I were your security officer, I would support this setup only if the capturing system's "inside" interface was moved into a DMZ and Wireshark was used by some form of remote desktop functionality. regards Marc ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Re: One NIC on public side, (continued)
- Re: One NIC on public side mike () grounded net (May 13)
- Re: One NIC on public side mike () grounded net (May 13)
- Re: One NIC on public side Kevin Cullimore (May 15)
- Re: One NIC on public side Richard Bejtlich (May 15)
- Re: One NIC on public side mike () grounded net (May 15)
- Re: One NIC on public side Boonie (May 16)
- Re: One NIC on public side mike () grounded net (May 19)
- Re: One NIC on public side Martin Visser (May 16)
- Re: One NIC on public side Richard Bejtlich (May 17)
- Re: One NIC on public side mike () grounded net (May 19)
- Re: One NIC on public side Marc Luethi (May 19)
- Re: One NIC on public side mike () grounded net (May 19)
- Re: One NIC on public side mike () grounded net (May 19)