| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.44.0308071755460.11293-100000@hope.rains.net>
From: akatosh at rains.net (Akatosh)
Subject: Incident response kit? Really OT, but need
some help.
> * Small 8-port hub (NOT A SWITCH!). Get a really old one with AUI &
> coax.
> * Tx-neutered Cat5 (snip one wire, it's receive-only!)
following your train of thought, a 4 port keystone box with 4 jacks wired
up like this is usefull:
1 -----\ <--this port makes some switches act hub-like
2 ---\ |
3 ---+-*------\
4 - | |
5 - | |
6 ---*-----\ |
7 - | |
8 - | |
| |
| |
rx sniff | |
1---\ | |
2---/ | | <-- put your sniffer here
3 -----*---+--/
4 - | |
5 - | |
6 ---*-+---/
7 - | |
8 - | |
| |
| |
LAN | | LAN <--- lan ports 1 and 2, slip between something
1 ---+-*------- 1
|
2 ---*--------- 2
3 ------------- 3
4 - - 4
5 - - 5
6 ------------- 6
7 - - 7
8 - - 8
It doesn't need electricity and if you slip it between something, it's
transparent. It sniffs in one direction. Use crossover cords when you hook
it up to get the other direction. I also use bed-of-nails test clips to
clip on tx or rx pairs instead of slipping the tap box between things if I
don't want the link down/up showing up.
--
Edward Fahner
[aka. Akatosh .CU.Au, akatosh@...ns.net]
DC2.DwGmL--WT--SksCre+\Cvi+BflA(+r-v+++)NaM++H++$FoR+Ac+++!J+S+U-I--#V+++Q+Tc++E--
Powered by blists - more mailing lists