>I don't actually consider this to be a problem. This is how some network
>IDSes are able to work (RealSecure for one) and can avoid all risk of IP
>based attacks (since there's no ipaddr on the if).
>
>But, the interfaces are able to found, you just need to look for the MAC
>address and not the IP. ;-) Checking the ARP tables of your switches and
>routers should bring a rogue interface that doesn't have an ipaddr assigned
>to it.
>
You won't find the MAC address anywhere; the interface is passive. It
won't reply to ARP requests (no IP). Since it doesn't send any other
packets, its MAC address can't be learned that way either.
Casper
