Re: Firewall and IDS, (the second way).

From: Zow (zowat_private)
Date: Wed Mar 20 2002 - 08:55:56 PST


    > Then you also have to consider the so-called Stealth mode, which is more
    > typical of hubbed (perhaps smaller) environments, where no IP address is
    > assigned to the interface. This makes it non-addressable but still available
    > for promiscuous mode, hence IDS. In this mode the device should not respond
    > to probing such as crafted multicast packets, and as its interface is not
    > defined it would also not know its nameserver addresses, so it would not attempt DNS
    > queries.
    
    You know, I was just thinking about this some more: is there any way (assuming 
    that you have sufficient access to a given LAN) to elicit a response from an 
    Ethernet device directly, regardless of what higher-level protocols may or may 
    not be bound to it? I mean, every Ethernet interface has a unique address, and 
    there are at least protocols to map IPs to those addresses (ARP) and back 
    (RARP), so is there any way that you could maybe generate an invalid Ethernet 
    frame, send it to some Ethernet address and get a response? Granted, I doubt 
    this'll be much use in mapping networks blindly though, as the space for MAC 
    addresses is huge, and it can be easily defended against by snipping the transmit 
    wire on the incoming Ethernet cable (ignoring the convolutions that must be 
    done along with that).
    
    -"Zow"
    
    use standardDisclaimer
    
    This archive was generated by hypermail 2b30 : Wed Mar 20 2002 - 21:25:33 PST