-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

James wrote:

>Hello,
>
>For a variety of reasons, I need to be able to make an ethernet
>interface on a gentoo system, change into listen only (stealth mode).
>Kind of like half duplex, so to speak. Any simple tricks?
>Just disabling all responses from the ethernet interface would do.
>I know I can just use 'ifconfig eth0 down' but anything more
>elegant or that would allow the interface to keep receiving
>packets for analysis and logging would be better.
>
>At other times I need to run a full blown IDS, like snort,
>on an ethernet port, but without being externally detected.
>What would be the best method (tools) to ensure the interface is actually
>not detectable on a given lan segment?
>Here is a good (Redhat) but old link that kind of outlines the idea:
>
>http://www.linuxjournal.com/article/6222
>
>Any web pages, documents or information that is more current and
>gentoo specific would be greatly appreciated.
>
>TIA,
>
>James
>

I've set up Solaris systems with multiple NICs, 1 as a
command-and-control interface, and 1 as a "sniffing" interface. The
sniffing interface was configured without an IP. I don't see any reason
why this can't be done in gentoo.

I guess it depends on how "non-detectable" you need to be.

- --
gentux
echo "hfouvyAdpy/ofu" | perl -pe 's/(.)/chr(ord($1)-1)/ge'

gentux's gpg fingerprint ==> 34CE 2E97 40C7 EF6E EC40 9795 2D81 924A 6996 0993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDVccVLYGSSmmWCZMRAu4OAJ9nAfOv124BdEfcSf7hYVlQviljAQCgsPNs
wOXDcsBhtk1uRXDm8yX9oq0=
=Rq/B
-----END PGP SIGNATURE-----
--
[email protected] mailing list
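A check for the "sniffing interface without an IP" setup described in the reply, as an added example that is not part of the original thread: it audits the text output of `ip -o link show` and `ip -o addr show` for settings that still let the interface answer or announce itself. The interface name `eth1`, the function name and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# audit_sniff_iface LINK_TEXT ADDR_TEXT   (hypothetical helper, added example)
#   LINK_TEXT: output of `ip -o link show dev IFACE`
#   ADDR_TEXT: output of `ip -o addr show dev IFACE`
# Prints the findings on one line and returns 1, or prints nothing and
# returns 0 when the interface is up, address-free and has ARP disabled.
audit_sniff_iface() {
    link_text=$1
    addr_text=$2
    findings=""
    # Interface flags are the comma-separated list between < and >.
    flags=$(printf '%s\n' "$link_text" | sed -n 's/.*<\([^>]*\)>.*/\1/p' | head -n 1)
    case ",$flags," in
        *,UP,*) ;;
        *) findings="${findings}link-down " ;;       # cannot capture at all
    esac
    case ",$flags," in
        *,NOARP,*) ;;
        *) findings="${findings}arp-enabled " ;;      # fix: ip link set dev eth1 arp off
    esac
    if printf '%s\n' "$addr_text" | grep -Eq '[[:space:]]inet[[:space:]]'; then
        findings="${findings}ipv4-address "           # fix: ip addr flush dev eth1
    fi
    # An interface brought up "without an IP" still autoconfigures an IPv6
    # link-local address and emits neighbour-discovery traffic unless IPv6
    # is disabled on it (sysctl net.ipv6.conf.eth1.disable_ipv6=1).
    if printf '%s\n' "$addr_text" | grep -Eq '[[:space:]]inet6[[:space:]]'; then
        findings="${findings}ipv6-address "
    fi
    findings=${findings% }
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample: interface is up with no IPv4 address, but ARP is
# still enabled and an IPv6 link-local address was autoconfigured.
SAMPLE_LINK='3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000'
SAMPLE_ADDR='3: eth1    inet6 fe80::ff:fe00:1/64 scope link \       valid_lft forever preferred_lft forever'

audit_sniff_iface "$SAMPLE_LINK" "$SAMPLE_ADDR" || echo "eth1 is not passive"
```

On a live system, pass `"$(ip -o link show dev eth1)"` and `"$(ip -o addr show dev eth1)"`. A clean result covers only these host settings, which is where "how non-detectable you need to be" comes in.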

