-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

James wrote:

>gentuxx <gentuxx <at> gmail.com> writes:
>
>>I've set up Solaris systems with multiple NICs, 1 as a
>>command-and-control interface, and 1 as a "sniffing" interface. The
>>sniffing interface was configured without an IP.
>
>Did you partially configure the ethernet port? How does it receive
>(listen) to traffic on a flat hub?
>
Yeah. Set the ifc to no IP and then brought it up. Then we set up a
switch monitoring port to receive all the traffic. Keep in mind this
is in an enterprise-level production environment. We weren't just
trying to sniff our girlfriends'...traffic. ;-)

>>I don't see any reason why this can't be done in Gentoo.
>>I guess it depends on how "non-detectable" you need to be.
>
>Well this is the essence of the method described at:
>http://www.linuxjournal.com/article/6222
>
>This article is Red Hat centric, so I was looking for a method
>that has been implemented and tested with Gentoo....
>
>Any further details are welcome.
>
>James
>
I don't know of anything specifically. But the setup should be
basically the same as in the article, except for the interface config
and snort installation. Just use net-cfg eth1 (or whatever) to
configure the iface, use 0.0.0.0 if it forces you to put in an IP.
ifconfig should also work. Emerge snort, then pick up from there.

HTH. If I had a box with 2 NICs I'd test it for you. ;-)

- --
gentux
echo "hfouvyAdpy/ofu" | perl -pe 's/(.)/chr(ord($1)-1)/ge'

gentux's gpg fingerprint ==> 34CE 2E97 40C7 EF6E EC40 9795 2D81 924A 6996 0993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDVly6LYGSSmmWCZMRAhEaAJ9OKMTgw1+itOYJlJ3jQDeICaV8kgCgs7UG
rn/k2An4tKu5H9ztmCbFsUU=
=YJ+q
-----END PGP SIGNATURE-----

--
gentoo-user@g.o mailing list
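
Added example, not part of the original messages: a shell check for the "interface up, no IP" sensor setup discussed in the thread, run against `ip -o` output from a Linux box with iproute2. The interface name `eth1` and the sample lines are constructed; the check also flags an IPv6 link-local address, which Linux assigns automatically when a port comes up with IPv6 enabled even if no IPv4 address was configured.

```shell
#!/bin/sh
# Added example: audit a "no IP" sniffing interface from `ip -o` output.
# Usage on a live sensor (eth1 is an assumed name):
#   audit_sniff_iface "$(ip -o link show dev eth1)" "$(ip -o addr show dev eth1)"
# Returns 0 when the interface is up and holds no address; prints findings.
audit_sniff_iface() {
    link=$1; addrs=$2; rc=0
    # Interface flags are the comma list inside <...> on the link line.
    flags=$(printf '%s\n' "$link" | sed -n 's/.*<\([^>]*\)>.*/\1/p')
    case ",$flags," in
        *,UP,*) ;;
        *) echo "FAIL: interface is down, nothing will be captured"; rc=1 ;;
    esac
    # No address means nothing to answer ARP for; NOARP is an extra safeguard.
    case ",$flags," in
        *,NOARP,*) ;;
        *) echo "WARN: ARP not disabled (ip link set dev IFACE arp off)" ;;
    esac
    # Any IPv4 or IPv6 address makes the sensor addressable. Field 3 of
    # `ip -o addr` is the family, field 4 the address/prefix.
    leaks=$(printf '%s\n' "$addrs" | awk '$3 == "inet" || $3 == "inet6" {print $3, $4}')
    if [ -n "$leaks" ]; then
        printf '%s\n' "$leaks" | sed 's/^/FAIL: address assigned: /'
        rc=1
    fi
    return "$rc"
}

# Constructed sample: eth1 brought up with no IPv4 address, but the kernel
# auto-assigned an IPv6 link-local address.
SAMPLE_LINK='3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000\    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff'
SAMPLE_ADDR='3: eth1    inet6 fe80::ff:fe00:1/64 scope link \       valid_lft forever preferred_lft forever'
# Constructed sample: the same port after IPv6 and ARP were switched off.
CLEAN_LINK='3: eth1: <BROADCAST,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000\    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff'
CLEAN_ADDR=''

audit_sniff_iface "$SAMPLE_LINK" "$SAMPLE_ADDR" || true
audit_sniff_iface "$CLEAN_LINK" "$CLEAN_ADDR" && echo "OK: eth1 is up with no address"
```

The PROMISC flag is deliberately not checked: a sniffer that enables promiscuous mode through its capture socket does not make that flag appear in `ip link` output.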