Книга: Fedora™ Unleashed, 2008 edition

Devices

Devices

Do not ever advertise that you have set a NIC to promiscuous mode. Promiscuous mode (which can be set on an interface by using ifconfig's promisc option) is good for monitoring traffic across the network and can often allow you to monitor the actions of someone who might have broken into your network. The tcpdump command also sets a designated interface to promiscuous mode while the program runs; unfortunately, the ifconfig command does not report this fact while tcpdump is running! Keep in mind that this is one way a cracker will monitor your network to gain the ever-so-important root password.

NOTE

Browse to http://www.redhat.com/docs/manuals/ to read about how to detect unauthorized network intrusions or packet browsing (known as network sniffing). You can use the information to help protect your system. Scroll down the page and click the Security Guide link.

Do not forget to use the right tool for the right job. Although a network bridge can be used to connect your network to the Internet, doing so would not be a good option. Bridges have almost become obsolete because they forward any packet that comes their way, which is not good when a bridge is connected to the Internet. A router enables you to filter which packets are relayed.

Оглавление книги


Генерация: 0.038. Запросов К БД/Cache: 0 / 0
поделиться
Вверх Вниз