
RE: NIC in stealth mode?

Hi George

Thanks for the reply. This is for an IDS. Unfortunately, I'm running RHEL
4.0 and it does not have an "ifgcfg" file. Should it?



-----Original Message-----
From: redhat-list-bounces redhat com [mailto:redhat-list-bounces redhat com]
On Behalf Of George Magklaras
Sent: Wednesday, August 01, 2007 4:08 AM
To: General Red Hat Linux discussion list
Subject: Re: NIC in stealth mode?

I am a bit unclear on the context of the question. A stealth mode NIC is
normally a NIC that hasn't got a protocol stack bound to it (no TCP/IP
v4/v6 settings),  IP forwarding disabled and under some circumstances the
MAC address zeroed. This is normally called 'stealth mode NIC' and is a
precondition for some network monitoring apps (IDS/IPS). Depending on the
setup and the type of monitoring you are trying to achieve, normally
choosing a NIC that you do not use and running the monitoring program,
telling it which interface it should use to monitor (if you have more than 1
network card), should place the NIC in stealth mode automatically. However,
if the interface is already on an IP address, things might not work
properly. In this case on a RedHat system:

(you will need 'root' for this)
1) Find the interface you want to monitor from (say eth1).
2) Backup your /etc/sysconfig/network and /etc/sysconfig/network-scripts
directories, in case you need to revert to the original settings quickly.
3) Edit the /etc/sysconfig/network-scripts/ifcfg-eth1 file to look like:
4) /etc/sysconfig/network-scripts/ifdown-ipv6 eth1
5) ifdown eth1
6) Make sure that /proc/sys/net/ipv4/ip_forward is set to 0 (no IP forwarding).

At this point, your eth1 NIC should be ready to be used in stealth mode by
the monitoring application, which will attempt to use it.

If you say a bit more about the context, we could provide more help.


Anne wrote:
> Hi All, is there a way to put the Red Hat 4.0 NIC in Stealth mode? Or 
> is there any such thing?
> Thank you for your help!
> Anne

George Magklaras

Senior Computer Systems Engineer/UNIX Systems Administrator
EMBnet Technical Management Board
The Biotechnology Centre of Oslo, University of Oslo

EMBnet Norway:	http://www.no.embnet.org/
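
A check for the end state the steps in the quoted message aim for (no IPv4/IPv6 address on the monitoring interface, IP forwarding off), as an added example that is not part of the original thread. The function name `check_stealth`, the overridable proc root and the sample `ip -o addr show` lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Audits one interface against two of the
# conditions in the post: no IPv4/IPv6 address bound, and IP forwarding off.

# Constructed sample of `ip -o addr show` output (one address per line).
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
3: eth1    inet6 fe80::211:22ff:fe33:4455/64 scope link'

# check_stealth IFACE [PROC_ROOT]
#   stdin:     `ip -o addr show` lines
#   PROC_ROOT: defaults to /proc; overridable so the check can run against a
#              copied or constructed tree (an assumption of this example)
check_stealth() {
    iface=$1
    proc_root=${2:-/proc}
    rc=0
    # In -o output, field 2 is the interface, field 3 the family, field 4 the address.
    addrs=$(awk -v i="$iface" \
        '$2 == i && ($3 == "inet" || $3 == "inet6") { print "  " $3 " " $4 }')
    if [ -n "$addrs" ]; then
        echo "FAIL: $iface still has addresses bound:"
        echo "$addrs"
        rc=1
    fi
    # Missing or unreadable file is reported as "unknown" and treated as a failure.
    fwd=$(cat "$proc_root/sys/net/ipv4/ip_forward" 2>/dev/null || echo unknown)
    if [ "$fwd" != "0" ]; then
        echo "FAIL: ip_forward is $fwd (expected 0)"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $iface has no IP address and forwarding is off"
    fi
    return "$rc"
}

# Demo on the constructed sample: eth1 fails because of its link-local address.
printf '%s\n' "$SAMPLE_ADDRS" | check_stealth eth1 || true
```

On a live host, feed it real data with `ip -o addr show | check_stealth eth1`.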
