Hello,

(Stealth ethernet saga continues)
Well, after much ado, it seems quite easy (trivial) to hide an ethernet
interface, while being able to collect reams of local ethernet traffic
based data, from both snort and ethereal.

Here's the normal ethernet interface on a portable:
/sbin/ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:90:F5:0D:30:0E
          inet addr:192.168.2.15  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

issued:

route delete default
ifconfig eth0 inet 0.0.0.0

and voila:
/sbin/ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:90:F5:0D:30:0E
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

On any system, 'ping 0.0.0.0' receives responses from the local
interface.

What I need is for folks to test and verify that an ethernet
interface set up this way is indeed invisible (undetectable)
by other systems.

If you find this is not true, please tell me what you did and
what tool/syntax you used to discover/detect a system with an
ethernet interface set up this way....

James

--
gentoo-user@g.o mailing list
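
Added example, not part of the original post: a shell function that reads legacy net-tools `ifconfig -a` output (the format shown in the message) and lists interfaces that are UP but carry no IPv4 address, which is the state the two commands above produce. The function and sample names are hypothetical, and the `lo` stanza in the sample is constructed.

```sh
#!/bin/sh
# Added example: report interfaces that are UP but have no IPv4 address,
# given legacy net-tools `ifconfig -a` output on stdin (the format in the post).
# Only "inet addr:" lines are considered; IPv6 addresses are ignored.
addressless_up_ifaces() {
    awk '
        function flush() { if (name != "" && is_up && !has_inet) print name }
        # A stanza starts at a non-indented line: "eth0  Link encap:Ethernet ..."
        /^[^ \t]/ { flush(); name = $1; is_up = 0; has_inet = 0 }
        # Address line: "inet addr:192.168.2.15  Bcast:..."
        $1 == "inet" && $2 ~ /^addr:/ { has_inet = 1 }
        # Flags line: "UP BROADCAST RUNNING MULTICAST  MTU:1500 ..."
        $1 == "UP" { is_up = 1 }
        END { flush() }
    '
}

# Constructed sample: the eth0 stanza from the post before the change,
# plus a made-up lo stanza so the parser sees more than one interface.
sample_before() {
    cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:90:F5:0D:30:0E
          inet addr:192.168.2.15  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
EOF
}

# Constructed sample: the same host after `ifconfig eth0 inet 0.0.0.0`,
# i.e. the eth0 address line is gone while the interface stays UP.
sample_after() {
    sample_before | grep -v 'inet addr:192\.168\.2\.15'
}

echo "before: $(sample_before | addressless_up_ifaces)"
echo "after:  $(sample_after | addressless_up_ifaces)"
```

On a live host with net-tools output in this format, pipe `/sbin/ifconfig -a` into `addressless_up_ifaces` instead of the samples.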