RE: [Full-Disclosure] Incident response kit? Really OT, but needsome help.

[Akatosh <akatosh@rains.net>]

>   * Small 8-port hub (NOT A SWITCH!). Get a really old one with AUI &
> coax.
>   * Tx-neutered Cat5 (snip one wire, it's receive-only!)

following your train of thought, a 4 port keystone box with 4 jacks wired
up like this is usefull:

1 -----\    <--this port makes some switches act hub-like
2 ---\ |  
3 ---+-*------\
4 -  |        |  
5 -  |        |
6 ---*-----\  |
7 -        |  |         
8 -        |  |
           |  |
           |  |
rx sniff   |  | 
1---\      |  |
2---/      |  |    <-- put your sniffer here
3 -----*---+--/ 
4 -    |   |
5 -    |   |
6 ---*-+---/
7 -  | |
8 -  | |
     | |
     | |
LAN  | |      LAN   <--- lan ports 1 and 2, slip between something
1 ---+-*------- 1
     |
2 ---*--------- 2
3 ------------- 3
4 -           - 4
5 -           - 5
6 ------------- 6
7 -           - 7
8 -           - 8


It doesn't need electricity and if you slip it between something, it's
transparent. It sniffs in one direction. Use crossover cords when you hook
it up to get the other direction. I also use bed-of-nails test clips to
clip on tx or rx pairs instead of slipping the tap box between things if I
don't want the link down/up showing up.

-- 
Edward Fahner
[aka. Akatosh  .CU.Au, akatosh@rains.net]
DC2.DwGmL--WT--SksCre+\Cvi+BflA(+r-v+++)NaM++H++$FoR+Ac+++!J+S+U-I--#V+++Q+Tc++E--

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html