Message-Id: <199909091922.NAA30860@harmony.village.org>
To: James Wyatt
Subject: Re: Lisen only NIC
Cc: "Lowkrantz, Goran", freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Thu, 09 Sep 1999 13:09:40 CDT."
Date: Thu, 09 Sep 1999 13:22:43 -0600
From: Warner Losh

In message James Wyatt writes:
: The only *true* way I know of to get a listen-only NIC, is to physically
: disconnect the xmit line on the NIC. When I read about this in the
: "Repelling the wily hacker" internet firewall/security book and tried it
: on an old 3Com 3c503, I thought it was sufficient and *really* secure.
: (The book is so good I've loaned it out so email for ISBN. Great book!)

I've seen in other discussions that while you could do this with the
AUI based ethernet cards, you can't do this with 10base2 or 10base-t
cards. Thinnet is obvious... But the 10-base-t/100-base-t cards need
the xmit lines to negotiate speed settings with the hub.

Can anybody confirm this?

Warner