Hello,
(Stealth ethernet saga continues)
Well, after much ado, it seems quite easy (trivial) to hide an ethernet
interface, while being able to collect reems of local ethernet traffic
based data, from both snort and ethereal.
Here's the normal ethernet interace on a portable:
/sbin/ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:90:F5:0D:30:0E
inet addr:192.168.2.15 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
issued:
route delete default
ifconfig eth0 inet 0.0.0.0
and voila:
/sbin/infconif -a
eth0 Link encap:Ethernet HWaddr 00:90:F5:0D:30:0E
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
On any system, 'ping 0.0.0.0' receives responses from the local
interface.
What I need is for folks to test and verify that an ethernet
interface setup this way, is indeed invisible (undetectable)
by other systems.
If you find this is not true, please tell me what you did and
what tool/syntax you used to discover/detect a system with an
ethernet interface set up this way....
James
--
gentoo-user@gentoo.org mailing list
