Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: IDS Sensor operation

from [Graeme Connell] Network Security [Permanent Link]
Subject: Re: IDS Sensor operation
Date: Wed, 29 Sep 2004 09:42:09 -0400 
An interface in promiscuous mode can still have an IP address.  Just run

 ifconfig <interface> promisc

and, voila! A promiscuous interface. It only means that it registers all packets that hit it. So to answer your question: An IPS can sniff traffic and send configuration information on the same interface. Hope this helps.

      --Graeme Connell

Vijai K (Infosec) - CTD, Chennai. wrote:

Hi folks


Basically sensors operates with promiscuous mode interface  for monitoring
data,rite
But there is an optionality in  an IDS to alert the firewall (reconfigure)to
block the intrusion IP, and also to kill the session or connectionby the
sensor itself.

this we see in Realsecure Network sensor 7.0 where there  is a option called
RSKILL.

But the question is how is it possible for a interface in promiscuous mode
to act like this since there is no binding in the interface(TCP/IP,etc).

Did it uses other NIC which is for management purpose???

Hope u all understand the question



Regds
Vijai.K



DISCLAIMER This message and any attachment(s) contained here are information that is
confidential, proprietary to HCL Technologies and its customers. Contents
may be privileged or otherwise protected by law. The information is solely
intended for the individual or the entity it is addressed to. If you are not
the intended recipient of this message, you are not authorized to read,
forward, print, retain, copy or disseminate this message or any part of it.
If you have received this e-mail in error, please notify the sender
immediately by return e-mail and delete it from your computer.



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE 
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to 
learn more.
--------------------------------------------------------------------------





--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE 
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to 
learn more.
--------------------------------------------------------------------------

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Snort, Jeremy Gonzales
Next by Date:  RE: IDS Sensor operation, Joshua Berry
Previous by Thread:  IDS Sensor operation, Vijai K (Infosec) - CTD, Chennai.
Next by Thread:  RE: IDS Sensor operation, Wozny, Scott (US - New York)
Indexes:  [Date] [Thread] [Top] [All Lists]