Hosting Provided By

RE: NIC in stealth mode?

From: Angie Moore <diabeticithink(at)yahoo.com>
Date: Wed Aug 01 2007 - 10:28:11 EDT

Hi George

Thanks for the reply. This is for and IDS. Unfortunately, I'm running RHEL 4.0 and it does not have an "ifgcfg" file. Should it?

Thanks

Anne

-----Original Message-----
From: redhat-list-bounces@redhat.com [mailto:redhat-list-bounces@redhat.com] On Behalf Of George Magklaras
Sent: Wednesday, August 01, 2007 4:08 AM To: General Red Hat Linux discussion list Subject: Re: NIC in stealth mode?

I am a bit unclear on the context of the question. A stealth mode NIC is normally a NIC that hasn't got a protocol stack bound to it (no TCP/IP v4/v6 settings), IP forwarding disabled and under some circumstances the MAC address zeroed. This is normally called 'stealth mode NIC' and is a precondition for some network monitoring apps (IDS/IPS). Depending on the setup and the type of monitoring you are trying to achieve, normally choosing a NIC that you do not use and running the monitoring program telling it which interface should use to monitored (if you have more than 1 network card) should place the NIC in stealth mode automatically. However, if the interface is already on an IP address, things might not work properly. In this case on a RedHat system:

(you will need 'root' for this)
1)Find the interface you want to monitor from (say eth1). 2)Backup your /etc/sysconfig/network and /etc/sysconfig/network-scripts directories, in case you need to revert to the original settings quickly. 3)Edit the /etc/sysconfig/network-scripts/ifcfg-eth1 file to look like: DEVICE=eth1
USERCTL=no
ONBOOT=yes
BOOTPROTO=
BROADCAST=
NETWORK=
NETMASK=
IPADDR=
IPV6INIT=no
4)/etc/sysconfig/network-scripts/ifdown-ipv6 eth1 5)ifdown eth1 6)Make sure that /proc/sys/net/ipv4/ip_forward is set to 0 (no IP forwarding).

At this point, your eth1 NIC should be ready to be used in stealth mode by the monitoring application, which will attempt to use it.

Do you need help?

If you say a bit more about the context, we could provide more help.

Anne wrote:
> Hi All, is there a way to put the Red Hat 4.0 NIC in Stealth mode? Or
> is there any such thing?
>
> Thank you for you help!
>
> Anne

--
--
George Magklaras

Senior Computer Systems Engineer/UNIX Systems Administrator EMBnet Technical
Management Board The Biotechnology Centre of Oslo, University of Oslo
http://www.biotek.uio.no/

EMBnet Norway:	
http://www.no.embnet.org/


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Received on Wed Aug 1 10:28:48 2007

This message: [ Message body ]
Next message: George Magklaras: "Re: NIC in stealth mode?"
Previous message: Hicheal Morton: "Re: RH EL5 - Broadcom Netlink Fast Ethernet"
In reply to: George Magklaras: "Re: NIC in stealth mode?"
Next in thread: George Magklaras: "Re: NIC in stealth mode?"
Reply: George Magklaras: "Re: NIC in stealth mode?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Thu Aug 09 2007 - 23:34:38 EDT