| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
James wrote: |
| 5 |
|
| 6 |
>gentuxx <gentuxx <at> gmail.com> writes: |
| 7 |
> |
| 8 |
>>I've set up Solaris systems with multiple NICs, 1 as a |
| 9 |
>>command-and-control interface, and 1 as a "sniffing" interface. The |
| 10 |
>>sniffing interface was configured without an IP. |
| 11 |
> |
| 12 |
> |
| 13 |
>Did you partially configure the ethernet port? How does it receive |
| 14 |
>(listen) to traffic on a flat hub? |
| 15 |
> |
| 16 |
> |
| 17 |
Yeah. Set the ifc to no ip and then brought it up. Then we set up a |
| 18 |
switch monitoring port to receive all the traffic. Keep in mind this |
| 19 |
is in an enterprise-level production environment. We weren't just |
| 20 |
trying to sniff our girlfriends'...traffic. ;-) |
| 21 |
|
| 22 |
>>I don't see any reason why this can't be done in gentoo. |
| 23 |
>>I guess it depends on how "non-detectable" you need to be. |
| 24 |
> |
| 25 |
> |
| 26 |
>Well this is the essence of the method described at: |
| 27 |
>http://www.linuxjournal.com/article/6222 |
| 28 |
> |
| 29 |
>This article is redhat centric, so I was looking for a method |
| 30 |
>that has been implemented and tested with gentoo.... |
| 31 |
> |
| 32 |
>Any further details are welcome. |
| 33 |
> |
| 34 |
>James |
| 35 |
> |
| 36 |
I don't know of anything specifically. But the setup should be |
| 37 |
basically the same as in the article, except for the interface config |
| 38 |
and snort installation. Just use net-cfg eth1 (or whatever) to |
| 39 |
configure the iface, use 0.0.0.0 if it forces you to put in an IP. |
| 40 |
ifconfig should also work. Emerge snort, then pick up from there. |
| 41 |
|
| 42 |
HTH. If I had a box with 2 NICs I'd test it for you. ;-) |
| 43 |
|
| 44 |
- -- |
| 45 |
gentux |
| 46 |
echo "hfouvyAdpy/ofu" | perl -pe 's/(.)/chr(ord($1)-1)/ge' |
| 47 |
|
| 48 |
gentux's gpg fingerprint ==> 34CE 2E97 40C7 EF6E EC40 9795 2D81 924A |
| 49 |
6996 0993 |
| 50 |
-----BEGIN PGP SIGNATURE----- |
| 51 |
Version: GnuPG v1.4.1 (GNU/Linux) |
| 52 |
|
| 53 |
iD8DBQFDVly6LYGSSmmWCZMRAhEaAJ9OKMTgw1+itOYJlJ3jQDeICaV8kgCgs7UG |
| 54 |
rn/k2An4tKu5H9ztmCbFsUU= |
| 55 |
=YJ+q |
| 56 |
-----END PGP SIGNATURE----- |
| 57 |
|
| 58 |
-- |
| 59 |
gentoo-user@g.o mailing list |
Archives