Snort mailing list archives
RE: Running Win2K in Stealth Mode
From: "Chris Arsenault" <carsenault () firstedcu org>
Date: Wed, 6 Feb 2002 15:50:21 -0600
The four things I have done:

- Set up Win2k in Stealth
- Unbind all NIC cards (1 on DMZ & 1 External layer of firewall)
- Added 2 receive only cables, available on Snort FAQ
- Added 2 Ethernet taps, a bit overkill....but why not be paranoid!
- Have a third NIC card to access ACID & Demarc management interface
- Log everything to MySQL
- Log everything to alert.ids
- Upload alert.ids to aris hourly http://aris.securityfocus.com
- Create beautiful reports for management via aris :)

This complete setup was approved by our board and is currently in production. The only changes I will make in the future are to move the sensors from Win2k to FreeBSD or Linux running on Server class machines and logging to MSSQL. Also, set up HTTPS access to Demarc from the DMZ so that I can have the monitor running at home 24 hours a day.

Chris Arsenault
Network Administrator
First Educators Credit Union
Microsoft Certified Systems Engineer
Microsoft Certified Trainer

-----Original Message-----
From: Tom Sevy [mailto:tsevy () epx com]
Sent: Wednesday, February 06, 2002 3:18 PM
To: Chris Arsenault; 'SkatFiend () aol com'; 'snort-users () lists sourceforge net'
Subject: RE: [Snort-users] Running Win2K in Stealth Mode

Has anyone tried un-binding the TCP/IP protocol to the NIC? I have done this when using MS Network Monitor to sniff a segment.

-----Original Message-----
From: Chris Arsenault [mailto:carsenault () firstedcu org]
Sent: Wednesday, February 06, 2002 4:04 PM
To: SkatFiend () aol com; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Running Win2K in Stealth Mode

Disable APIPA and set up the adapter to use DHCP. Instead of getting a private address, the IP will reset to 0.0.0.0 and stay there.

Chris Arsenault
Network Administrator
First Educators Credit Union
Microsoft Certified Systems Engineer
Microsoft Certified Trainer

-----Original Message-----
From: SkatFiend () aol com [mailto:SkatFiend () aol com]
Sent: Wednesday, February 06, 2002 11:52 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Running Win2K in Stealth Mode

Hello All,

I know this has been addressed b4 on the list, however I am having problems implementing this configuration. According to an e-mail on 01/15/02, I have disabled APIPA with a registry key hack, I have unbound under Advanced Network settings IP from Microsoft. It was suggested to use a 0.0.0.0 IP address for the adapter, the GUI interface will not allow you to do this, it either requires a valid IP address or must be set to DHCP.

Can anyone tell me how they configured this?????

Thanks in advance for your help.

Cliff Arms
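A way to confirm the result the thread describes (sniffing adapters held at 0.0.0.0 with no APIPA fallback, only the management NIC addressed), as an added example that is not part of the original messages: it audits the text of `ipconfig /all`. The adapter names, host name and addresses in the sample are constructed, and the field labels assume the usual `ipconfig` layout.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (names and addresses are made up).
SAMPLE = """Windows 2000 IP Configuration
        Host Name . . . . . . . . . . . . : sensor1

Ethernet adapter DMZ Sniff:
        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : No
        IP Address. . . . . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . . . . : 0.0.0.0

Ethernet adapter External Sniff:
        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        Autoconfiguration IP Address. . . : 169.254.37.12
        Subnet Mask . . . . . . . . . . . : 255.255.0.0

Ethernet adapter Management:
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.10.5
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
"""

ADAPTER_RE = re.compile(r"^Ethernet adapter (.+):\s*$")
# Matches "IP Address", "IPv4 Address" and their "Autoconfiguration" variants.
ADDR_RE = re.compile(r"^\s+(?:Autoconfiguration )?IP(?:v4)? Address[ .]*: ([\d.]+)")

def parse_adapters(text):
    """Map each adapter name to the list of IPv4 addresses reported for it."""
    adapters, current = {}, None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = adapters.setdefault(m.group(1), [])
        elif current is not None and (m := ADDR_RE.match(line)):
            current.append(ipaddress.ip_address(m.group(1)))
    return adapters

def audit(text, management):
    """Classify every adapter that is not an allowed management interface."""
    findings = {}
    for name, addrs in parse_adapters(text).items():
        if name in management:
            continue
        live = [a for a in addrs if not a.is_unspecified]  # drop 0.0.0.0
        if not live:
            findings[name] = "stealth"
        elif any(a.is_link_local for a in live):  # 169.254.0.0/16 = APIPA
            findings[name] = "APIPA address assigned"
        else:
            findings[name] = "routable address bound"
    return findings

if __name__ == "__main__":
    for adapter, status in audit(SAMPLE, {"Management"}).items():
        print(f"{adapter}: {status}")
```
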