From owner-freebsd-security Thu Sep 9 10:59:25 1999 Delivered-To: freebsd-security@freebsd.org Received: from kerouac.deepwell.com (deepwell.com [209.63.174.12]) by hub.freebsd.org (Postfix) with SMTP id 8792F14BE4 for ; Thu, 9 Sep 1999 10:59:23 -0700 (PDT) (envelope-from freebsd@deepwell.com) Received: (qmail 522 invoked from network); 9 Sep 1999 18:43:35 -0000 Received: from proxy.dcomm.net (HELO terry) (209.63.175.10) by deepwell.com with SMTP; 9 Sep 1999 18:43:35 -0000 Message-Id: <4.2.0.58.19990909104023.00d0d7e0@mail1.dcomm.net> X-Sender: freebsd@mail.deepwell.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Thu, 09 Sep 1999 10:50:30 -0700 To: "Rodney W. Grimes" , freebsd-security@freebsd.org From: Deepwell Internet Subject: Re: Lisen only NIC In-Reply-To: <199909091742.KAA18619@gndrsh.dnsmgr.net> References: <199909091721.KAA18571@gndrsh.dnsmgr.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org There was a thread on Bugtraq about 2 months ago called "anti-sniffer-sniffer" that went into talking about cutting the Xmit capabilities from a NIC. I only mention this because this thread is going the same direction. Are there certain cards or chipsets that would work well with this idea of disabling a trace on the NIC itself? It seems as though most NICs anymore are just a single QFP integrated circuit which does all the ethernet manipulation as well as any PCI bus interaction. When I see a NIC anymore it's most often just an Integrated Circuit, an isolation transformer, and a few surface mount capacitors. These everything-in-one-chip cards don't seem like they'd be good candidates for a project like this, but you can't buy anything else in the stores anymore. Better yet, is there a good candidate ethernet chipset that interacts with the ISA bus rather than PCI? This could be incorporated into a PC-104 accessory card which would work well on a small standalone box running FreeBSD. -Terry > > > No. You'll lose link. Instead, use an external tranceiver and cut the > > > transmit pin on the AUI end of the tranceiver. Search the BUGTRAQ > > > archives for URLs to detailed descriptions of how to do this (and why > > > cutting the transmit pin on a 10BaseT patch cable won't work) > > > > Do any of them talk about drilling the trace between the NIC chip and > > the MAU chip/isolation? Thats where the ``AUI'' cable is now :-) > > > > This is often best done on the input side of the isolation transformer > > so that the input to the MAU chip is still properly balanced. > >Strike that last comment, the isolation transformer location depends on >the type of MAU, it may be on the wrong side and ends up being the >same thing as cutting the patch cord. >What was I thinking!! Anyway for 10Base2 this is almost always trivial, >if it has an 8392 MAU chip with a Pulse or Valor transformer it will >be pins 7 & 8 of the transformer, don't cut pins 9 & 10, you'll unbalance >the inputs to the MAU and it may oscilate. > >Some place I have a nic with 3 dip switches on it ``deaf, dumb, and >baligerant''. Basically the switches open up pins 4,5, 7,8 and >1,2 of the transformer. Real handy for network lab testing... > >-- >Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message