| 1 |
On 10/18/05, James <wireless@×××××××××××.com> wrote: |
| 2 |
> Hello, |
| 3 |
> |
| 4 |
> For a variety of reasons, I need to be able to make an ethernet |
| 5 |
> interface on a gentoo system, change into listen only (stealth mode). |
| 6 |
> Kind of like half duplex, so to speak. Any simple tricks? |
| 7 |
> Just disabling all responses from the ethernet interface would do. |
| 8 |
> I know I can just use 'ifconfig eth0 down' but anything more |
| 9 |
> elegant or that would allow the interface to keep receiving |
| 10 |
> packets for analysis and logging would be better. |
| 11 |
> |
| 12 |
> At other times I need to run a full blown IDS, like snort, |
| 13 |
> on an ethernet port, but without being externally detected. |
| 14 |
> What would be best method (tools) to ensure the interface is actually |
| 15 |
> not detectable on a given lan segment? |
| 16 |
> Here is a good (Redhat) but old link that kind of outlines the idea: |
| 17 |
> |
| 18 |
> http://www.linuxjournal.com/article/6222 |
| 19 |
> |
| 20 |
> Any web pages, documents or information that is more current and |
| 21 |
> gentoo specific would be of greatly appreciated. |
| 22 |
> |
| 23 |
|
| 24 |
I would suggest using iptables to simply DROP all outgoing packets. |
| 25 |
|
| 26 |
-- |
| 27 |
Justin Patrin |
| 28 |
|
| 29 |
-- |
| 30 |
gentoo-user@g.o mailing list |
Archives