From owner-freebsd-security Thu Sep 9 10:44:34 1999
From: "Rodney W. Grimes"
Message-Id: <199909091742.KAA18619@gndrsh.dnsmgr.net>
Subject: Re: Lisen only NIC
In-Reply-To: <199909091721.KAA18571@gndrsh.dnsmgr.net> from "Rodney W. Grimes" at "Sep 9, 1999 10:21:20 am"
To: freebsd@gndrsh.dnsmgr.net (Rodney W. Grimes)
Date: Thu, 9 Sep 1999 10:42:09 -0700 (PDT)
Cc: des@flood.ping.uio.no (Dag-Erling Smorgrav), newton@atdot.dotat.org (Mark Newton), Goran.Lowkrantz@infologigruppen.se (Lowkrantz Goran), freebsd-security@FreeBSD.ORG

> > Mark Newton writes:
> > > Lowkrantz, Goran wrote:
> > > > To check on our DMZs I am building a monitor system with a protected
> > > > interface connected to the internal network and a multiport card to monitor
> > > > the consoles of the systems in the DMZs. To check for attacks I have set up
> > > > Snort and have tested with the Vision IDS but I want to hide the network
> > > > interface completely so that it can't be seen or heard or attacked or
> > > > anything.
> > > Cut the transmit pin on your patchlead.
> >
> > No. You'll lose link. Instead, use an external transceiver and cut the
> > transmit pin on the AUI end of the transceiver. Search the BUGTRAQ
> > archives for URLs to detailed descriptions of how to do this (and why
> > cutting the transmit pin on a 10BaseT patch cable won't work)
>
> Do any of them talk about drilling the trace between the NIC chip and
> the MAU chip/isolation? That's where the ``AUI'' cable is now :-)
>
> This is often best done on the input side of the isolation transformer
> so that the input to the MAU chip is still properly balanced.

Strike that last comment; the isolation transformer location depends on
the type of MAU. It may be on the wrong side and end up being the same
thing as cutting the patch cord. What was I thinking!!

Anyway, for 10Base2 this is almost always trivial. If it has an 8392 MAU
chip with a Pulse or Valor transformer it will be pins 7 & 8 of the
transformer. Don't cut pins 9 & 10; you'll unbalance the inputs to the
MAU and it may oscillate.

Some place I have a NIC with 3 dip switches on it: ``deaf, dumb, and
belligerent''. Basically the switches open up pins 4,5, 7,8 and 1,2 of
the transformer. Real handy for network lab testing...

--
Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net