Thanks to everyone for their input. I guess I feel a little bit better;
I'll just have to watch that box fairly closely.
BTW, has anyone ACTUALLY made a cable with the TX wire snipped so that the
promiscuous NIC just listens? Does it work?
-----Original Message-----
From: Chris Brenton [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 16, 1999 4:21 PM
To: Burgess, Jeff
Cc: '[EMAIL PROTECTED]'
Subject: Re: NICs and Protocols
"Burgess, Jeff" wrote:
>
> Scenario is, we want to place a "monitoring" machine on our internal
> network to watch things, the idea arose to put a second NIC in the box to
> put in our DMZ (*Sort of like dual homing the machine, but without any
> protocols bound to it*).
Actually, I've done this with RealSecure in the past. So long as the
"exposed" NIC(s) have no protocols bound to them, there is no way to
address the system. There *might* be a way to dump some layer 2 stuff at
the system to perform some form of a DoS, but:
A) The attacking system would have to be on the same wire
B) The attacker would have to know the system is there (insider
knowledge)
C) The attacker would need to know the system's MAC address (extreme
insider knowledge) since a system without bound protocols will leave no
visible footprint
D) The monitor would hopefully show you that one of your service network
machines has been whacked before they get a chance to attack the monitor
itself.
Cheers,
Chris
--
**************************************
[EMAIL PROTECTED]
* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
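Chris's point that a NIC with nothing bound to it "will leave no visible footprint" is something you can verify rather than assume, and the same check answers Jeff's question about a receive-only cable: whichever trick you use, the sensor is silent only if its MAC never appears as the source of a frame on that segment. The audit below is an added example written for this page, not code from the thread or from RealSecure. It takes raw Ethernet frames (as you would get from a capture on a separate host or a SPAN port on the DMZ switch), parses the Ethernet II header including a single 802.1Q tag, and reports two things: frames the sensor transmitted (a footprint leak) and unicast frames addressed to the sensor's MAC (the layer-2 poke Chris describes, which only someone who already knows the MAC can send). The MAC addresses and the capture are constructed for the example; the header parsing is standard.

```python
"""Audit a capture for any trace of a 'receive-only' monitoring NIC (added example)."""
import struct
from typing import Iterable, List, NamedTuple, Optional

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
ETHERTYPE_8021Q = 0x8100
ETHERTYPE_IPV6 = 0x86DD
BROADCAST = b"\xff" * 6


class Frame(NamedTuple):
    dst: bytes
    src: bytes
    ethertype: int
    vlan: Optional[int]
    payload: bytes


class AuditReport(NamedTuple):
    transmitted: List[Frame]   # frames whose source is the sensor: a footprint leak
    addressed_to: List[Frame]  # unicast frames sent *to* the sensor's MAC
    malformed: int             # runt/truncated frames skipped


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def parse_ethernet(raw: bytes) -> Frame:
    """Parse an Ethernet II header, unwrapping one 802.1Q tag if present."""
    if len(raw) < 14:
        raise ValueError(f"runt frame ({len(raw)} bytes)")
    dst, src, ethertype = struct.unpack("!6s6sH", raw[:14])
    offset, vlan = 14, None
    if ethertype == ETHERTYPE_8021Q:
        if len(raw) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", raw[14:18])
        vlan, offset = tci & 0x0FFF, 18   # low 12 bits of the TCI are the VLAN ID
    return Frame(dst, src, ethertype, vlan, raw[offset:])


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vlan: Optional[int] = None) -> bytes:
    """Assemble a raw frame; used only to build the constructed capture below."""
    if vlan is None:
        return struct.pack("!6s6sH", dst, src, ethertype) + payload
    return struct.pack("!6s6sHHH", dst, src, ETHERTYPE_8021Q, vlan & 0x0FFF, ethertype) + payload


def audit_silent_nic(capture: Iterable[bytes], sensor_mac: bytes) -> AuditReport:
    """Report every frame showing the sensor NIC is not invisible on the wire."""
    transmitted, addressed_to, malformed = [], [], 0
    for raw in capture:
        try:
            frame = parse_ethernet(raw)
        except ValueError:
            malformed += 1
            continue
        if frame.src == sensor_mac:
            transmitted.append(frame)
        elif frame.dst == sensor_mac:   # unicast at the sensor: someone knows its MAC
            addressed_to.append(frame)
    return AuditReport(transmitted, addressed_to, malformed)


def is_silent(report: AuditReport) -> bool:
    """True only if the sensor never put a frame on the wire."""
    return not report.transmitted


# --- Constructed sample capture (hypothetical MACs, not a real trace) -------
SENSOR_MAC = bytes.fromhex("00112233aabb")
HOST_A = bytes.fromhex("000c29112233")
HOST_B = bytes.fromhex("000c29445566")
ATTACKER = bytes.fromhex("deadbeef0001")
IPV6_ALL_ROUTERS = bytes.fromhex("333300000002")

SAMPLE_CAPTURE = [
    # Ordinary ARP request from a DMZ host: the sensor only listens to this.
    build_frame(BROADCAST, HOST_A, ETHERTYPE_ARP, b"\x00\x01\x08\x00\x06\x04\x00\x01"),
    # VLAN 10 IPv4 traffic between two hosts (payload abbreviated).
    build_frame(HOST_B, HOST_A, ETHERTYPE_IPV4, b"\x45\x00\x00\x14", vlan=10),
    # Footprint leak: the sensor itself sends an IPv6 frame to all-routers, which is
    # what an interface left with IPv6 autoconfiguration on will do (payload abbreviated).
    build_frame(IPV6_ALL_ROUTERS, SENSOR_MAC, ETHERTYPE_IPV6, b"\x60\x00\x00\x00"),
    # Layer-2 probe with an experimental ethertype, unicast straight at the sensor's MAC.
    build_frame(SENSOR_MAC, ATTACKER, 0x88B5, b"\x00" * 46),
    # A runt that must be counted, not crash the audit.
    b"\xff\xff\xff",
]

if __name__ == "__main__":
    report = audit_silent_nic(SAMPLE_CAPTURE, SENSOR_MAC)
    print("sensor silent:", is_silent(report))
    for f in report.transmitted:
        print(f"LEAK  {mac_str(f.src)} -> {mac_str(f.dst)} type 0x{f.ethertype:04x}")
    for f in report.addressed_to:
        print(f"PROBE {mac_str(f.src)} -> {mac_str(f.dst)} type 0x{f.ethertype:04x}")
    print("malformed frames skipped:", report.malformed)
```

Run it against a capture taken from a different host on the same segment, so you are not trusting the sensor to report on itself. On a current Linux box the equivalent of "no protocols bound" is no IPv4 address on the interface plus IPv6 disabled on it (net.ipv6.conf.<interface>.disable_ipv6=1), because an IPv6-enabled interface autoconfigures a link-local address and sends Neighbor Discovery and MLD frames on its own; the third sample frame is exactly the kind of leak that produces, and it would also hand an attacker the MAC that item C assumes they cannot get.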