"Burgess, Jeff" wrote:
>
> Scenario is, we want to place a "monitoring" machine on our internal
> network to watch things, the idea arose to put a second NIC in the box to
> put in our DMZ (*Sort of like dual homing the machine, but without any
> protocols bound to it*).
Actually, I've done this with RealSecure in the past. So long as the
"exposed" NIC(s) have no protocols bound to them, there is no way to
address the system. There *might* be a way to dump some layer 2 stuff at
the system to perform some form of a DoS, but:
A) The attacking system would have to be on the same wire
B) The attacker would have to know the system is there (insider
knowledge)
C) The attacker would need to know the system's MAC address (extreme
insider knowledge) since a system without bound protocols will leave no
visible footprint
D) The monitor would hopefully show you that one of your service network
machines has been whacked before they get a chance to attack the monitor
itself.
Cheers,
Chris
--
**************************************
[EMAIL PROTECTED]
* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
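The whole argument above rests on the exposed NIC really having nothing bound to it, and on a modern Linux box that property is easy to lose silently: the kernel autoconfigures an IPv6 link-local address on every interface it brings up, and that address answers neighbour solicitations and so leaves exactly the footprint Chris says there is none of. The script below is an added example, not code from the original thread or from RealSecure: it parses the output of `ip -o link show` and `ip -o addr show` (the sample output is constructed inline for a hypothetical two-NIC monitor, with `eth0` as the management NIC and `eth1` as the DMZ capture NIC) and reports anything that would make the capture NIC addressable, together with the `ip`/`sysctl` command that removes it. The interface names and addresses are assumptions made for the example.

```python
"""Audit a capture-only NIC for anything that makes it addressable.

Added example for the thread above (not code from the original post).
It parses `ip -o link show` and `ip -o addr show` output as produced by
iproute2 on Linux; the sample output below is CONSTRUCTED for a
hypothetical monitor with eth0 (management) and eth1 (DMZ capture NIC).
"""
import re
from typing import Dict, List, Set, Tuple

# Constructed sample of `ip -o link show`: eth1 is up and promiscuous.
LINK_OUTPUT = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\\    link/ether 52:54:00:aa:bb:01 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\\    link/ether 52:54:00:aa:bb:02 brd ff:ff:ff:ff:ff:ff
"""

# Constructed sample of `ip -o addr show`: eth1 has no IPv4 address but the
# kernel has autoconfigured an IPv6 link-local address on it.
ADDR_OUTPUT = """\
1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever
2: eth0    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth0\\       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::5054:ff:feaa:bb01/64 scope link \\       valid_lft forever preferred_lft forever
3: eth1    inet6 fe80::5054:ff:feaa:bb02/64 scope link \\       valid_lft forever preferred_lft forever
"""

# "3: eth1: <BROADCAST,...>"  ->  name, comma-separated flag list
LINK_RE = re.compile(r"^\d+:\s+([^:@\s]+)[^:]*:\s+<([^>]*)>")
# "3: eth1    inet6 fe80::.../64 ..."  ->  name, family, address/prefix
ADDR_RE = re.compile(r"^\d+:\s+(\S+)\s+(inet6?)\s+(\S+)")


def parse_links(text: str) -> Dict[str, Set[str]]:
    """Map interface name -> set of link flags (UP, PROMISC, ...)."""
    flags: Dict[str, Set[str]] = {}
    for line in text.splitlines():
        m = LINK_RE.match(line)
        if m:
            flags[m.group(1)] = set(m.group(2).split(","))
    return flags


def parse_addrs(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Map interface name -> list of (family, address/prefix) bound to it."""
    addrs: Dict[str, List[Tuple[str, str]]] = {}
    for line in text.splitlines():
        m = ADDR_RE.match(line)
        if m:
            addrs.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    return addrs


def audit_capture_nic(link_text: str, addr_text: str, iface: str) -> List[str]:
    """Return findings for a NIC that is supposed to sniff only.

    An empty list means: link up, promiscuous, and no IPv4 or IPv6 address
    bound, i.e. nothing on the wire can address the box through it.
    """
    findings: List[str] = []
    flags = parse_links(link_text).get(iface)
    if flags is None:
        return [f"{iface}: interface not found"]
    if "UP" not in flags:
        findings.append(f"{iface}: link is not UP, the monitor will see nothing; "
                        f"fix with 'ip link set dev {iface} up'")
    if "PROMISC" not in flags:
        findings.append(f"{iface}: PROMISC not set, only frames to its own MAC are seen; "
                        f"fix with 'ip link set dev {iface} promisc on'")
    for family, addr in parse_addrs(addr_text).get(iface, []):
        if family == "inet":
            findings.append(f"{iface}: IPv4 {addr} bound; "
                            f"fix with 'ip addr flush dev {iface}'")
        elif addr.lower().startswith("fe80:"):
            # Autoconfigured by the kernel; flushing it is not enough, it
            # comes back on the next link-up unless IPv6 is disabled per-NIC.
            findings.append(f"{iface}: IPv6 link-local {addr} autoconfigured; "
                            f"fix with 'sysctl -w net.ipv6.conf.{iface}.disable_ipv6=1'")
        else:
            findings.append(f"{iface}: IPv6 {addr} bound; "
                            f"fix with 'ip -6 addr flush dev {iface}'")
    return findings


if __name__ == "__main__":
    # On a real host replace the constants with the live command output,
    # e.g. subprocess.check_output(["ip", "-o", "addr", "show"], text=True).
    for finding in audit_capture_nic(LINK_OUTPUT, ADDR_OUTPUT, "eth1") or ["eth1: clean"]:
        print(finding)
```

Run against the constructed sample the script flags only the link-local address on `eth1`; the same function run on `eth0` reports the management address, its link-local address and the missing promiscuous flag, which is the expected result for an interface that is meant to be addressable. The point of the per-interface `disable_ipv6` sysctl rather than a one-off flush is that the link-local address is regenerated each time the link comes up, so a flush gives a clean audit that does not survive a cable re-seat.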