Re: Antisniff thoughts

From: Craig H. Rowland (crowlandat_private)
Date: Mon Jul 26 1999 - 22:17:30 PDT

    FYI,
    
    > Workaround: one interface as a normal address on a normal reachable net, and a
    > second interface configured as above sniffing a *different* net.  Useful
    > setup for remotely-administerable IDS boxes; real address lives on a protected
    > inside net, sniffing interface plugs in to watch the dirty one but is not
    > addressable.
    
    Cisco NetRanger is set up this way by default. One interface is for command
    and control and is usually isolated. The sniffing interface has no
    protocols bound to it. This is for a variety of reasons, the main one
    being it isolates the IDS from direct attack. Not a product plug, just a
    note that some people do this already.
    
    -- Craig
    


