| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
James wrote: |
| 5 |
|
| 6 |
>Hello, |
| 7 |
> |
| 8 |
>For a variety of reasons, I need to be able to make an ethernet |
| 9 |
>interface on a gentoo system, change into listen only (stealth mode). |
| 10 |
>Kind of like half duplex, so to speak. Any simple tricks? |
| 11 |
>Just disabling all responses from the ethernet interface would do. |
| 12 |
>I know I can just use 'ifconfig eth0 down' but anything more |
| 13 |
>elegant or that would allow the interface to keep receiving |
| 14 |
>packets for analysis and logging would be better. |
| 15 |
> |
| 16 |
>At other times I need to run a full blown IDS, like snort, |
| 17 |
>on an ethernet port, but without being externally detected. |
| 18 |
>What would be best method (tools) to ensure the interface is actually |
| 19 |
>not detectable on a given lan segment? |
| 20 |
>Here is a good (Redhat) but old link that kind of outlines the idea: |
| 21 |
> |
| 22 |
>http://www.linuxjournal.com/article/6222 |
| 23 |
> |
| 24 |
>Any web pages, documents or information that is more current and |
| 25 |
>gentoo specific would be of greatly appreciated. |
| 26 |
> |
| 27 |
>TIA, |
| 28 |
> |
| 29 |
>James |
| 30 |
> |
| 31 |
I've set up Solaris systems with multiple NICs, 1 as a |
| 32 |
command-and-control interface, and 1 as a "sniffing" interface. The |
| 33 |
sniffing interface was configured without an IP. I don't see any |
| 34 |
reason why this can't be done in gentoo. I guess it depends on how |
| 35 |
"non-detectable" you need to be. |
| 36 |
|
| 37 |
- -- |
| 38 |
gentux |
| 39 |
echo "hfouvyAdpy/ofu" | perl -pe 's/(.)/chr(ord($1)-1)/ge' |
| 40 |
|
| 41 |
gentux's gpg fingerprint ==> 34CE 2E97 40C7 EF6E EC40 9795 2D81 924A |
| 42 |
6996 0993 |
| 43 |
-----BEGIN PGP SIGNATURE----- |
| 44 |
Version: GnuPG v1.4.1 (GNU/Linux) |
| 45 |
|
| 46 |
iD8DBQFDVccVLYGSSmmWCZMRAu4OAJ9nAfOv124BdEfcSf7hYVlQviljAQCgsPNs |
| 47 |
wOXDcsBhtk1uRXDm8yX9oq0= |
| 48 |
=Rq/B |
| 49 |
-----END PGP SIGNATURE----- |
| 50 |
|
| 51 |
-- |
| 52 |
gentoo-user@g.o mailing list |
Archives