Hello,

(Stealth ethernet saga continues)

Well, after much ado, it seems quite easy (trivial) to hide an ethernet interface, while being able to collect reams of local ethernet traffic based data, from both snort and ethereal.

Here's the normal ethernet interface on a portable:

    /sbin/ifconfig -a
    eth0      Link encap:Ethernet  HWaddr 00:90:F5:0D:30:0E
              inet addr:192.168.2.15  Bcast:192.168.2.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

Issued:

    route delete default
    ifconfig eth0 inet 0.0.0.0

and voila:

    /sbin/ifconfig -a
    eth0      Link encap:Ethernet  HWaddr 00:90:F5:0D:30:0E
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

On any system, 'ping 0.0.0.0' receives responses from the local interface.

What I need is for folks to test and verify that an ethernet interface set up this way is indeed invisible (undetectable) by other systems. If you find this is not true, please tell me what you did and what tool/syntax you used to discover/detect a system with an ethernet interface set up this way....

James

--
gentoo-user@gentoo.org mailing list