[Snort-users] Receive Only Cable...

Anthony Scalzitti tony at ...4540...
Mon Jan 14 16:33:01 EST 2002


RE: [Snort-users] Receive Only Cable...I agree a DoS or maybe some type of
flood could be used to "hide" a real attack, but that is about all that I
could think of.

Frank - Not a bad idea, as not everyone is hardware savy, but you would need
a good res to those all those tiny wires

-Tony
----- Original Message -----
From: Frank Knobbe
To: 'Chris Arsenault' ; snort-users at lists.sourceforge.net
Sent: Monday, January 14, 2002 7:17 PM
Subject: RE: [Snort-users] Receive Only Cable...


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I guess any type of ICMP and UDP flood/DoS would still work.
Afterall, if Snort can see the packet, the system can.

Getting in as far as hacking..... I don't think so, since no data
leaves the interface (well, the cable more or less :)

Regards,
Frank


PS: I was contemplating making a little How-to video of the creation
of the cable (since I get this asked a lot). Is there interest in
such a 'how do you crimp a funky cable' mpeg?
- -----Original Message-----
From: Chris Arsenault [mailto:carsenault at ...4459...]
Sent: Monday, January 14, 2002 5:35 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Receive Only Cable...


     I setup a receive only cable as described in the Snort FAQ,
works like a charm!!  I was just wondering with this cable and the
interface it is plugged into set up as stealth, can anyone describe a
possible attack which can still get to this box?

Thanks,

Chris Arsenault


-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME (X.509) encrypted email preferred.
iQA/AwUBPEN1EczYtOFvgXQfEQLyEACePHDdQCXnXWcsHfYh48zoi8Oo+PwAn32G
v7BsTXqKAJkKEtDG8Kuq5aG9
=V30/
-----END PGP SIGNATURE-----






More information about the Snort-users mailing list