> This is sort of like what I had in mind, although for simplicity I'd
> probably just bring up a temporary IP address on the internal interface,
> and send the warning from there. Unless that 3rd NIC was on a separate
> network (unlikely) then it probably wouldn't make much difference from a
> security standpoint if it were the NIC passing all of the traffic, or a
> different NIC on the same subnet. As an added benefit (if you have
> enough addresses) you might bring up that NIC with a random IP address,
> from a small range of say 3 or 4, to make it a little harder to predict
> an address you'd be able to attach to that belongs to the firewall.
>
> Snort for network ID and something like your hidden partition
> suggestion, or even Samhain or Tripwire would work well for local ID.
> It's just something we didn't go to the trouble to implement, given the
> box's complete lack of direct network accessibility.
>
> Aaron S. Joyner

[Jim Ray sez:]
dude...we need to get you over here for one of our special topics/beer labs.
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
