Snort mailing list archives
RE: stealth interface
From: "Michael Steele" <michaels () silicondefense com>
Date: Tue, 8 Apr 2003 22:08:07 -0700
Tom, Yes, I have documented it and would be happy to send it to you tomorrow. The best thing to do if you want to do this is put two interfaces on the IDS. Use one interface in promiscuous mode for Snort and the other interface can be used for management. -Michael Michael Steele | System Engineer / Support Technician mailto:michaels () silicondefense com Silicon Defense: IDS solutions - http://www.silicondefense.com Snort: Open Source Network IDS - http://www.snort.org -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Tom Culpepper Sent: Tuesday, April 08, 2003 5:06 PM To: snort-users () lists sourceforge net Subject: Re: [Snort-users] stealth interface Is something like this possible on a windows system? Eric Baur wrote:
Some of the other replies seem like too much work... and are harder to maintain (or someone else to figure out if they need to figure out what you did). You should be able to change the ifcfg-eth1 file (or whatever number you want to be ip-less) to be: DEVICE=eth1 ONBOOT=yes BOOTPROTO=none That seems to be working in my installation (also RH8.0) without any issues. (Now, my next mystery is seeing if I can find a way to refer to the devices as "lan", "wan" and "dmz" instead of "eth1", "eth2" and "eth3".) Eric d_greenjr wrote:Can someone tell me or give me the URL on how to create an interface with no ipaddr (stealth), on a linux [RH8] system? (Not the receive only cable-I saw that in the snort FAQs) I have searched the Internet and the snort archives but have not found a message/page that describes what to do-only the end results. Thanks
------------------------------------------------------- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- stealth interface d_greenjr (Apr 07)
- Re: stealth interface Matt Kettler (Apr 07)
- Re: stealth interface Keg (Apr 07)
- <Possible follow-ups>
- RE: stealth interface Matt Yackley (Apr 07)
- RE: stealth interface Vanish Pattni (DSL AK) (Apr 07)
- RE: stealth interface Eric Baur (Apr 08)
- Re: stealth interface Tom Culpepper (Apr 08)
- Re: stealth interface d_greenjr (Apr 08)
- Re: stealth interface Tom Culpepper (Apr 08)
- Re: stealth interface Keg (Apr 10)
- RE: stealth interface Michael Steele (Apr 08)
- How to set WINDOWS up for a Stealth Interface... Michael Steele (Apr 09)
- Re: How to set WINDOWS up for a Stealth Interface... Ueli Kistler (Apr 09)
- Re: How to set WINDOWS up for a Stealth Interface... snort (Apr 09)
- Re: stealth interface Tom Culpepper (Apr 08)