Snort mailing list archives

How to set WINDOWS up for a Stealth Interface...


From: "Michael Steele" <michaels () silicondefense com>
Date: Wed, 9 Apr 2003 08:46:39 -0700

Tom,

Back up your registry...

Start the registry editor (Regedit.exe) 

Move to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

Select the required interface 

Note: Each interface has two entries. One only has about 6 subentries. Make
the modification to the other entry that has about 20 subentries.

From the Edit menu select New - DWORD value 

Enter a name of IPAutoconfigurationEnabled and press Enter 

Double click 'IPAutoconfigurationEnabled' and set the value data to 0. Click
OK 

Double click 'EnableDHCP' and set the value data to 0

Note: In TCP/IP the IP and Subnet will show 0.0.0.0

Close the registry editor, reboot and do an "ipconfig /all" from a command
prompt and the IP should be 0.0.0.0

-Michael
-- 
 Michael Steele | System Engineer / Support Technician     
 mailto:michaels () silicondefense com    
 Silicon Defense - The Cyber-War Defense Company
 Website: http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org
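
The registry steps in the message above, scripted as an added PowerShell example (not part of the original post or of any Snort tooling). The function names, the `MatchesPost` column and the placeholder GUID are hypothetical; it assumes the `Tcpip\Parameters\Interfaces` layout the post describes and an elevated prompt.

```powershell
# Added example: audit, and optionally apply, the two DWORD values from the post.
# Back up the registry before using Set-StealthInterface.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

function Get-StealthInterfaceState {
    # One row per interface subkey; the subkey name is the adapter GUID.
    Get-ChildItem -Path $base | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        [pscustomobject]@{
            Guid        = $_.PSChildName
            # Number of values under the key: helps pick the fuller of the
            # two entries the post mentions for each interface.
            ValueCount  = $_.ValueCount
            EnableDHCP  = $p.EnableDHCP
            IPAutoconfigurationEnabled = $p.IPAutoconfigurationEnabled
            IPAddress   = ($p.IPAddress -join ',')
            # True only when both values are present and set to 0.
            MatchesPost = ($p.EnableDHCP -eq 0 -and
                           $p.IPAutoconfigurationEnabled -eq 0)
        }
    }
}

function Set-StealthInterface {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Guid)
    $key = Join-Path $base $Guid
    if (-not (Test-Path $key)) { throw "No interface key named $Guid" }
    if ($PSCmdlet.ShouldProcess($key, 'Set EnableDHCP=0, IPAutoconfigurationEnabled=0')) {
        # -Force creates the DWORD if it is missing and overwrites it otherwise.
        New-ItemProperty -Path $key -Name IPAutoconfigurationEnabled `
            -PropertyType DWord -Value 0 -Force | Out-Null
        New-ItemProperty -Path $key -Name EnableDHCP `
            -PropertyType DWord -Value 0 -Force | Out-Null
    }
}

# Read-only audit of every interface key.
Get-StealthInterfaceState | Format-Table -AutoSize

# Preview the change for one interface (placeholder GUID, replace with a real one):
# Set-StealthInterface -Guid '{PLACEHOLDER-INTERFACE-GUID}' -WhatIf
```

Run the audit before and after the reboot; the sniffing interface should report `MatchesPost` as True, while the management interface keeps its normal settings.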

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Michael Steele
Sent: Tuesday, April 08, 2003 10:08 PM
To: 'Tom Culpepper'
Cc: snort-users () lists sourceforge net

Tom,

Yes, I have documented it and would be happy to send it to you tomorrow. The
best thing to do if you want to do this is put two interfaces on the IDS.
Use one interface in promiscuous mode for Snort and the other interface can
be used for management.

 -Michael

 Michael Steele | System Engineer / Support Technician
 mailto:michaels () silicondefense com
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Tom Culpepper
Sent: Tuesday, April 08, 2003 5:06 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] stealth interface

Is something like this possible on a windows system?


Eric Baur wrote:

 
    Some of the other replies seem like too much work... and are 
harder to maintain (or someone else to figure out if they need to 
figure out what you did).
    You should be able to change the ifcfg-eth1 file (or whatever 
number you want to be ip-less) to be:
 
DEVICE=eth1
ONBOOT=yes
BOOTPROTO=none
 
    That seems to be working in my installation (also RH8.0) without 
any issues.  (Now, my next mystery is seeing if I can find a way to 
refer to the devices as "lan", "wan" and "dmz" instead of "eth1", 
"eth2" and "eth3".)
 
Eric
  
d_greenjr wrote:

    Can someone tell me or give me the URL on how to create an
    interface with no ipaddr (stealth), on a linux [RH8] system? (Not
    the receive only cable-I saw that in the snort FAQs)  I have
    searched the Internet and the snort archives but have not found a
    message/page that describes what to do-only the end results.  Thanks





-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb: 
Dedicated Hosting for just $79/mo with 500 GB of bandwidth! 
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users











