Stealthful Sniffing, Logging, and Intrusion Detection: Useful and Fun Things You Can do Without an IP Address

Presented at DEF CON 10 (2002), Aug. 4, 2002, 11 a.m. (50 minutes).

Centralized event-logging and automated intrusion detection are required tools for good network security. But what can you do to prevent your loggers and IDS probes from falling victim to the same attacks they're supposed to warn you about? As it happens, one cool thing you can do is run such systems without IP addresses. In my presentation I'll describe the benefits and drawbacks of this technique, and demonstrate how it can be used in conjunction with Snort, syslog-ng, and other standard *nix tools to build stealthful loggers and IDSes.
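The abstract leaves the mechanics implicit, so here is an added illustration of the logging half of the technique (example code written for this page, not part of the talk or of Snort/syslog-ng). The idea: the log host's sniffing interface is brought up without any IP address, senders are pointed at a decoy address that no host owns, and the logger recovers the syslog messages by decoding raw frames instead of receiving them through the IP stack. The decoy address 192.0.2.250, the static ARP entry that steers senders' frames onto the sniffed segment, the MAC addresses and the log lines are all assumptions constructed for the demo; the Linux AF_PACKET socket is the real kernel interface but is not opened in the offline run.

```python
"""Recover syslog/UDP messages from raw Ethernet frames, the way a logger with
no IP address of its own would pick them up off the wire."""
import socket
import struct

# Assumed for this example: senders ship syslog to this non-existent address
# (TEST-NET-2 range) with a static ARP entry mapping it to the sniffing
# interface's MAC, so the frames reach the segment the logger listens on.
DECOY_IP = "192.0.2.250"
SYSLOG_PORT = 514
ETH_P_ALL = 0x0003  # Linux: deliver every frame type to the raw socket


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over an IPv4 header. Computed over a
    header whose checksum field is already filled in, a valid header gives 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_syslog_frame(src_ip: str, dst_ip: str, payload: bytes, proto: int = 17) -> bytes:
    """Constructed sample input: one Ethernet/IPv4/UDP frame carrying a syslog
    message. MAC addresses are made up; UDP checksum is left at 0 (omitted)."""
    eth = bytes.fromhex("001122334455" "00deadbeef01" "0800")  # dst MAC, src MAC, IPv4
    udp = struct.pack("!HHHH", 40000, SYSLOG_PORT, 8 + len(payload), 0) + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0, 64, proto, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]  # fill checksum
    return eth + hdr + udp


def extract_syslog(frame: bytes, decoy_ip: str = DECOY_IP):
    """Return (sender_ip, message) if the frame is UDP/514 addressed to the decoy
    with an intact IPv4 header; otherwise None (wrong host, wrong protocol,
    corrupted or truncated frames are all dropped rather than logged)."""
    if len(frame) < 14 + 20 + 8 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    if ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or len(ip) < ihl or ip_checksum(ip[:ihl]) != 0:
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto, src, dst = ip[9], socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    if proto != 17 or dst != decoy_ip or total_len > len(ip):
        return None
    udp = ip[ihl:total_len]  # slice by total_len so Ethernet padding is ignored
    if len(udp) < 8:
        return None
    _sport, dport, ulen, _csum = struct.unpack("!HHHH", udp[:8])
    if dport != SYSLOG_PORT or ulen != len(udp):
        return None
    return src, udp[8:].decode("utf-8", "replace")


def log_lines(frames, decoy_ip: str = DECOY_IP):
    """Turn a batch of captured frames into log records, keeping only syslog/UDP
    datagrams addressed to the decoy."""
    records = []
    for frame in frames:
        hit = extract_syslog(frame, decoy_ip)
        if hit:
            records.append("%s %s" % hit)
    return records


def open_sniffer(ifname: str):
    """Linux-only: raw socket on an interface that was brought up with
    `ip link set <if> up promisc on` and never given an address. Needs
    CAP_NET_RAW; not called in the offline demo."""
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    s.bind((ifname, 0))
    return s


if __name__ == "__main__":
    frames = [  # constructed traffic: one hit, two frames that must be ignored
        build_syslog_frame("10.0.0.5", DECOY_IP, b"<13>web01 sshd[22]: Accepted publickey for ops"),
        build_syslog_frame("10.0.0.6", "10.0.0.9", b"<13>not for us"),          # other destination
        build_syslog_frame("10.0.0.7", DECOY_IP, b"GET / HTTP/1.0", proto=6),  # TCP, not syslog
    ]
    for line in log_lines(frames):
        print(line)
```

In practice the records would be handed to syslog-ng's local socket rather than printed, and the same address-less interface serves Snort. The caveat the abstract hints at: with no IP address the box cannot be reached by the attacks it observes, but it also cannot be managed over that interface, so a second, firewalled management NIC (or console access) is part of the design.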


Presenters:

  • Mick Bauer - Upstream Solutions, Inc. mick.wiremonkeys.org
    Mick Bauer is a Technology Counselor (information systems security consultant and engineer) for Upstream Solutions, based in Minneapolis. His areas of expertise include firewall architecture and integration, security policy, network application security, and Unix and NT system security. Mick is the author of Linux Journal's popular "Paranoid Penguin" security columns, and of the upcoming book "Building Secure Servers With Linux" (O'Reilly and Associates, October 2002).
