[Snort-users] Setting up a Windowz Interface to monitor with no IP Address
tslighter at ...5174...
Fri Jun 28 08:34:04 EDT 2002
depends upon the circumstances. the assumption here might be that one
machine is hooked up into an isolated port mirror where there are no other
machines connected. in addition, having the DHCP service disabled prevents
is from going out and attempting to obtain an IP address from anything. Of
course, with Win2K, the easiest of all is to simply uncheck "Internet
From: Mike Shaw [mailto:mshaw at ...3165...]
Sent: Friday, June 28, 2002 9:26 AM
To: Slighter, Tim; 'Michael Steele'; 'Scot Scot'
Cc: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Setting up a Windowz Interface to monitor
with no IP Address
At 07:38 AM 6/28/2002 -0600, Slighter, Tim wrote:
>I did find that for those who are uncomfortable with poking away at the
>registry blindfolded, there is an easier way to setup a "stealth" interface
>on a windows system. Just simply configure the interface for DHCP and it
>will never obtain an IP address but will still be in the "UP" state.
Hmmmm...that's a little scary. All it takes is a rogue DHCP server to give
it whatever ip address you want.
Try it on a lan segment sometime (assuming it's one you're responsible for
and you know what you're doing), you'll be amazed at what devices suddently
pop up on the network. Switches, hubs, print servers, remote access
devices....this used to be especially true where the standard protocol was
IPX and TCP/IP was not even considered.
I wouldn't recommend this particular technique.
More information about the Snort-users