Well, Cliff sorta set up one (kinda, sorta...). (see Cockoos Egg) Jim
Steve Vawter wrote: > > One suggestion that I recall from a very old paper (either "There Be > Dragons" by Steven M. Bellovin 1992 or "An Evening with Berferd ..." by Bill > Cheswick 1991 (likely *the* original honey pot!)) talk of cutting the > transmit wires on any sensors that you use. I am not sure if this is still > workable on today's switches, but it may be with the right settings on the > port... > > Steve Vawter > UNIX SYSTEM ADMINISTRATOR > Zone Labs, Inc. > 1060 Howard Street > San Francisco CA 94103 > ph 415-341-8323 > fax 415-341-8299 > cell 510-409-9184 > pager 877-933-0549 > > -----Original Message----- > From: ash [mailto:[EMAIL PROTECTED]] > Sent: Thursday, May 09, 2002 8:40 PM > To: Skokan, Paul > Cc: '[EMAIL PROTECTED]' > Subject: Re: Host Security > > Skokan, Paul wrote: > > >I am running some FreeBSD boxes as various network monitoring hosts. The > hosts have multiple interfaces on them sniffing different network segments. > The hosts have one management interface with an IP address assigned to the > interface and the other ethernet interfaces do not have IP address assigned. > I am wondering if there are any vulnerabilities with having one of these > monitoring interfaces sit on a public network. Can the hosts be hacked at > all on the monitoring interface without an IP address...If so, how? > > > >Paul > > > Thats a really good question. The only way I can see it hapening is if > either the NIC's broadcast any info over the network, a internel user > knowing the MAC addresses and crawling their way in that way, or > possibly scanning for NIC's in promiscous mode. > > Ash -- James W. Meritt CISSP, CISA Booz | Allen | Hamilton phone: (410) 684-6566
