Secure Snort?

Anders Troback freebsd at troback.com
Wed May 20 13:53:05 CEST 2009


On Wed, 20 May 2009 13:26:51 +0200,
Mans Nilsson <mansaxel at besserwisser.org> wrote:

> Subject: Re: Secure Snort? Date: Wed, May 20, 2009 at 01:21:16PM +0200
> Quoting Anders Troback (freebsd at troback.com):
> > 
> > Hm, here comes what may be today's dumbest question, but how do you
> > listen without setting an IP? :-]
> 
> bash-3.2# ifconfig en5 inet 
> en5: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> ifconfig: en5 has no inet interface address!
> bash-3.2# ifconfig en5
> en5: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> 	inet6 fe80::21d:7eff:fe01:80ab%en5 prefixlen 64 scopeid 0x9 
> 	ether 00:1d:7e:01:80:ab 
> 	media: autoselect (100baseTX <full-duplex>) status: active
> 	supported media: none autoselect 10baseT/UTP <half-duplex> 10baseT/UTP <full-duplex> 10baseT/UTP <full-duplex,flow-control> 100baseTX <half-duplex> 100baseTX <full-duplex> 100baseTX <full-duplex,flow-control>
> bash-3.2# tcpdump -ni en5
> tcpdump: WARNING: en5: no IPv4 address assigned
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on en5, link-type EN10MB (Ethernet), capture size 96 bytes
> 13:25:55.767540
> 13:25:56.269503 STP 802.1d, Config, Flags [none], bridge-id 81bb.00:18:ba:e2:c1:c0.8001, length 43
> ^C
> 2 packets captured
> 2 packets received by filter
> 0 packets dropped by kernel
> 

Ran 'ifconfig em0 up' and then it worked! Thanks :-]

This should be fairly secure... right? Is there any possibility,
practical or theoretical, that someone could get into a FBSD box that
only "listens" this way on a mirrored port?

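Added example (not part of the original message): a shell check, with hypothetical function names, that parses `ifconfig` output and confirms a capture interface is UP with no `inet` or `inet6` address. Run on the en5 output quoted above, it reports the IPv6 link-local address that remains even though no IPv4 address is set.

```shell
#!/bin/sh
# Added example: audit a passive capture interface for layer-3 addresses.
# Function and variable names are hypothetical, not from the thread.

# Print every inet/inet6 address found in ifconfig output on stdin.
list_l3_addrs() {
    awk '$1 == "inet" || $1 == "inet6" { print $1, $2 }'
}

# $1 = ifconfig output for one interface.
# Returns 0 only when the interface is UP and carries no address.
check_passive() {
    out=$1
    # flags=8863<UP,...>: UP must appear as a whole flag name
    if ! printf '%s\n' "$out" | grep -Eq 'flags=[0-9a-f]+<([A-Z0-9_]+,)*UP[,>]'; then
        echo "interface is not UP, a capture would see nothing"
        return 1
    fi
    addrs=$(printf '%s\n' "$out" | list_l3_addrs)
    if [ -n "$addrs" ]; then
        echo "addresses still configured:"
        echo "$addrs"
        return 1
    fi
    echo "UP with no inet/inet6 address"
    return 0
}

# Sample: the relevant lines of the en5 output quoted in the thread.
SAMPLE_EN5='en5: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet6 fe80::21d:7eff:fe01:80ab%en5 prefixlen 64 scopeid 0x9
    ether 00:1d:7e:01:80:ab'

# Constructed sample: the same interface without the link-local address.
SAMPLE_BARE='en5: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 00:1d:7e:01:80:ab'

# On a live sensor: check_passive "$(ifconfig em0)"
check_passive "$SAMPLE_EN5" || true
check_passive "$SAMPLE_BARE"
```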