[Snort-users] Receive Only Cable...

Anthony Scalzitti tony at ...4540...
Mon Jan 14 16:33:01 EST 2002

RE: [Snort-users] Receive Only Cable...I agree a DoS or maybe some type of
flood could be used to "hide" a real attack, but that is about all that I
could think of.

Frank - Not a bad idea, as not everyone is hardware savy, but you would need
a good res to those all those tiny wires

----- Original Message -----
From: Frank Knobbe
To: 'Chris Arsenault' ; snort-users at lists.sourceforge.net
Sent: Monday, January 14, 2002 7:17 PM
Subject: RE: [Snort-users] Receive Only Cable...

Hash: SHA1
I guess any type of ICMP and UDP flood/DoS would still work.
Afterall, if Snort can see the packet, the system can.

Getting in as far as hacking..... I don't think so, since no data
leaves the interface (well, the cable more or less :)


PS: I was contemplating making a little How-to video of the creation
of the cable (since I get this asked a lot). Is there interest in
such a 'how do you crimp a funky cable' mpeg?
- -----Original Message-----
From: Chris Arsenault [mailto:carsenault at ...4459...]
Sent: Monday, January 14, 2002 5:35 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Receive Only Cable...

     I setup a receive only cable as described in the Snort FAQ,
works like a charm!!  I was just wondering with this cable and the
interface it is plugged into set up as stealth, can anyone describe a
possible attack which can still get to this box?


Chris Arsenault

Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME (X.509) encrypted email preferred.

More information about the Snort-users mailing list