Defcon 10 Presentation: sli4
37d2ba645da7676ea32d89e118368b5555c767a3e0582232da952052a2afbab7<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="GENERATOR" content="Mozilla/4.76 [en] (X11; U; Linux 2.2.18 i586) [Netscape]">
</head>
<body text="#000000" bgcolor="#FFFFFF" link="#0000EF" vlink="#51188E" alink="#FF0000">
<center><a href="index.html"><img SRC="first1.gif" BORDER=0 ></a><a href="sli3.html"><img SRC="prev1.gif" BORDER=0 ></a><a href="sli5.html"><img SRC="next1.gif" BORDER=0 ></a><a href="sli13.html"><img SRC="last1.gif" BORDER=0 ></a>
<p><font size=+4>The Technique</font></center>
<ul>
<li>
<font size=+3>Configure your logger, IDS probe, or sniffer with an active
Ethernet interface that has <u>no IP address</u>.</font></li>
</ul>
<ul>
<li>
<font size=+3>If the network you want the stealth-probe on is switched,
insert a hub at a strategic point and hang the probe off of the hub.</font></li>
</ul>
<ul>
<li>
<font size=+3>If you're really paranoid, use a "sniffing cable."</font></li>
</ul>
<ul>
<li>
<font size=+3>To use a stealth logger, you'll need a bogus static ARP entry
on each host that sends log datah</font></li>
</ul>
<ul>
<li>
<font size=+3>That's pretty much it. Thanks for coming!</font></li>
</ul>
</body>
</html>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed