Firewall Wizards mailing list archives
Re: stealth ports and IDS
From: Nilesh Chaudhari <mail () nilesh org>
Date: Sat, 5 Oct 2002 23:25:17 +051800
Quoting Robert McMahon <rwm () mcmahoncpa com>:
edit /etc/sysconfig/network-scripts/ifcfg-eth2 file and remove all entries and add the following:

    DEVICE=eth2
    ONBOOT=yes
    PROMISC=yes
    ARP=no

These settings will activate the interface, put it in promiscuous mode without an IP address and will turn ARP off. Turning ARP off is important because the interface will still respond to an ARP request even without an IP address.

And in case you are using Snort on OpenBSD (I don't know about NetBSD), edit the /etc/hostname.fxp1 (or whatever file you have for the specific interface) and add this -

    up

That's it.

Nilesh Chaudhari.
--

"Paul D. Robertson" wrote:

On 3 Oct 2002, James X wrote:

One stumbling box has been the idea of a stealth port. I usually operate my IDS boxes with the interfaces in stealth mode, i.e. no IP address or stack. I do not know of a way of achieving this using Linux or NetBSD etc., and without it I would feel rather vulnerable. To help

Maybe it's just me, but how about just not putting an IP address on the interface? I doubt you can get away with not putting IP in the kernel, but I really don't know enough about how libpcap does its thing to say for sure...

Paul
-----------------------------------------------------------------------------
Paul D. Robertson           "My statements in this message are personal opinions
proberts () patriot net       which may have no basis whatsoever in fact."
probertson () trusecure com   Director of Risk Assessment TruSecure Corporation

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
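Added example, not part of the original messages: a small check that a Linux sensor interface really ended up in the state the ifcfg-eth2 settings above aim for (up, promiscuous, ARP off, no address). It assumes the iproute2 `ip -o` output format; the function names and the sample lines are constructed for illustration, and the IPv6 check goes slightly beyond the thread, which only mentions IP addresses in general.

```shell
#!/bin/sh
# Added example: audit a sniffing interface for the "stealth" settings above.
# check_stealth LINK ADDRS
#   LINK  = output of: ip -o link show dev IFACE
#   ADDRS = output of: ip -o addr show dev IFACE
# Prints one line per finding; returns 0 only when nothing was found.
check_stealth() {
    link=$1; addrs=$2; rc=0
    # Interface flags are the comma-separated list inside <...>.
    flags=$(printf '%s\n' "$link" | sed -n 's/^[^<]*<\([^>]*\)>.*/\1/p')
    for want in UP PROMISC NOARP; do
        case ",$flags," in
            *",$want,"*) ;;
            *) echo "missing flag: $want"; rc=1 ;;
        esac
    done
    # Field 3 of each address line is the family, field 4 the address.
    # inet6 counts too: an interface that is up can pick up an IPv6
    # link-local address without anyone configuring one.
    if printf '%s\n' "$addrs" |
        awk '$3 ~ /^inet6?$/ { print "address assigned: " $4; n++ }
             END { exit (n ? 0 : 1) }'; then
        rc=1
    fi
    return "$rc"
}

# Live use on the sensor (needs iproute2): audit_iface eth2
audit_iface() {
    check_stealth "$(ip -o link show dev "$1")" "$(ip -o addr show dev "$1")"
}

# Constructed samples in "ip -o" output format, so the demo runs offline.
GOOD_LINK='4: eth2: <BROADCAST,MULTICAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP'
GOOD_ADDR=''
BAD_LINK='4: eth2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP'
BAD_ADDR='4: eth2    inet6 fe80::211:22ff:fe33:4455/64 scope link'

echo "== configured as described (constructed sample) =="
check_stealth "$GOOD_LINK" "$GOOD_ADDR" && echo "OK: no address, ARP off, promiscuous"
echo "== ARP left on, IPv6 address present (constructed sample) =="
check_stealth "$BAD_LINK" "$BAD_ADDR" || echo "FAIL: see findings above"
```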