Slashdot Mirror


Using Snort Stealthily

jukal writes "Linux Journal has an article on using Snort as a stealth sniffer, a stealth NIDS probe and a stealth logger -- on a network interface with no IP address. 'Snort is a versatile and powerful tool for sniffing, intrusion detection and packet logging. Configuring it to run stealthily in sniffing mode or NIDS mode is easy; incorporating it into a stealth-logging solution is only slightly less so.'"

1 of 148 comments

  1. Re:Warning by flonker · Score: 5, Interesting

    It's easy to remain undetected with a custom patch cord (no transmit). IIRC, with 10BaseT, you simply didn't set up the TX wires, and with 100BaseT, you untwisted one of the twisted pairs.

    It's even possible to remain undetected with software only, but you *really* need to know what you're doing. Stuff can be detected on the ethernet layer that most people aren't aware of.