Snort mailing list archives
How to set WINDOWS up for a Stealth Interface...
From: "Michael Steele" <michaels () silicondefense com>
Date: Wed, 9 Apr 2003 08:46:39 -0700
Tom, Backup your registry... Start the registry editor (Regedit.exe) Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interf aces Select the required interface Note: Each interface has two entries. One only has about 6 subentries. Make the modification to the other entry that has about 20 subentries.
From the Edit menu select New - DWORD value
Enter a name of IPAutoconfigurationEnabled and press Enter Double click 'IPAutoconfigurationEnabled' and set the value data to 0. Click OK Double click 'EnableDHCP' and set the value data to 0 Note: Id TCP/IP the IP and Subnet will show 0.0.0.0 Close the registry editor, reboot and do an "ipconfig /all" from a command prompt and the IP should be 0.0.0.0 -Michael -- Michael Steele | System Engineer / Support Technician mailto:michaels () silicondefense com Silicon Defense - The Cyber-War Defense Company Website: http://www.silicondefense.com Snort: Open Source Network IDS - http://www.snort.org -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Michael Steele Sent: Tuesday, April 08, 2003 10:08 PM To: 'Tom Culpepper' Cc: snort-users () lists sourceforge net Tom, Yes, I have documented it and would be happy to send it to you tomorrow. The best thing to do if you want to do this is put two interfaces on the IDS. Use one interface in promiscuous mode for Snort and the other interface can be used for management. -Michael Michael Steele | System Engineer / Support Technician mailto:michaels () silicondefense com Silicon Defense: IDS solutions - http://www.silicondefense.com Snort: Open Source Network IDS - http://www.snort.org -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Tom Culpepper Sent: Tuesday, April 08, 2003 5:06 PM To: snort-users () lists sourceforge net Subject: Re: [Snort-users] stealth interface Is something like this possible on a windows system? Eric Baur wrote:
Some of the other replies seem like too much work... and are harder to maintain (or someone else to figure out if they need to figure out what you did). You should be able to change the ifcfg-eth1 file (or whatever number you want to be ip-less) to be: DEVICE=eth1 ONBOOT=yes BOOTPROTO=none That seems to be working in my installation (also RH8.0) without any issues. (Now, my next mystery is seeing if I can find a way to refer to the devices as "lan", "wan" and "dmz" instead of "eth1", "eth2" and "eth3".) Eric d_greenjr wrote:Can someone tell me or give me the URL on how to create an interface with no ipaddr (stealth), on a linux [RH8] system? (Not the receive only cable-I saw that in the snort FAQs) I have searched the Internet and the snort archives but have not found a message/page that describes what to do-only the end results. Thanks
------------------------------------------------------- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: stealth interface, (continued)
- Re: stealth interface Matt Kettler (Apr 07)
- Re: stealth interface Keg (Apr 07)
- RE: stealth interface Matt Yackley (Apr 07)
- RE: stealth interface Vanish Pattni (DSL AK) (Apr 07)
- RE: stealth interface Eric Baur (Apr 08)
- Re: stealth interface Tom Culpepper (Apr 08)
- Re: stealth interface d_greenjr (Apr 08)
- Re: stealth interface Tom Culpepper (Apr 08)
- Re: stealth interface Keg (Apr 10)
- RE: stealth interface Michael Steele (Apr 08)
- How to set WINDOWS up for a Stealth Interface... Michael Steele (Apr 09)
- Re: How to set WINDOWS up for a Stealth Interface... Ueli Kistler (Apr 09)
- Re: How to set WINDOWS up for a Stealth Interface... snort (Apr 09)
- Re: stealth interface Tom Culpepper (Apr 08)