[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: NIC in stealth mode?

I assume you have another NIC on the box, OK? If the ifcfg-ethx file is not there, this means two things:

1)Either you have never configured the other NIC.
2)The NIC does not exist (the device driver initialization failed).

If you do a:
cat /proc/net/dev

you should be able to see all the eth devices, so you know that the NIC driver recognizes the additional NIC device (say eth1). This rules out number 2. In that case, create the file with the suggested contents and try to do an ifup eth1.

If you don't fill comfortable with all this and you have X on the box, launch 'system-config-network' (redhat-specific) and try to configure eth1 (with an internal 192.168 bogus IP). This should create the ifcfg-eth1 file and then you can go and modify it as suggested to get your NIC into stealth mode.

For number 2, you have to to tell me what kind of box or motherboard you have, if you do not see another device in /proc/net/dev and you are sure that your additional NIC card is in sound condition.


Angie Moore wrote:
Hi George

Thanks for the reply. This is for and IDS. Unfortunately, I'm running RHEL
4.0 and it does not have an "ifgcfg" file. Should it?



-----Original Message-----
From: redhat-list-bounces redhat com [mailto:redhat-list-bounces redhat com]
On Behalf Of George Magklaras
Sent: Wednesday, August 01, 2007 4:08 AM
To: General Red Hat Linux discussion list
Subject: Re: NIC in stealth mode?

I am a bit unclear on the context of the question. A stealth mode NIC is
normally a NIC that hasn't got a protocol stack bound to it (no TCP/IP
v4/v6 settings),  IP forwarding disabled and under some circumstances the
MAC address zeroed. This is normally called 'stealth mode NIC' and is a
precondition for some network monitoring apps (IDS/IPS). Depending on the
setup and the type of monitoring you are trying to achieve, normally
choosing a NIC that you do not use and running the monitoring program
telling it which interface should use to monitored (if you have more than 1
network card) should place the NIC in stealth mode automatically. However,
if the interface is already on an IP address, things might not work
properly. In this case on a RedHat system:

(you will need 'root' for this)
1)Find the interface you want to monitor from (say eth1).
2)Backup your /etc/sysconfig/network and /etc/sysconfig/network-scripts
directories, in case you need to revert to the original settings quickly.
3)Edit the /etc/sysconfig/network-scripts/ifcfg-eth1 file to look like:
4)/etc/sysconfig/network-scripts/ifdown-ipv6 eth1 5)ifdown eth1 6)Make sure
that /proc/sys/net/ipv4/ip_forward is set to 0 (no IP forwarding).

At this point, your eth1 NIC should be ready to be used in stealth mode by
the monitoring application, which will attempt to use it.

If you say a bit more about the context, we could provide more help.


Anne wrote:
Hi All, is there a way to put the Red Hat 4.0 NIC in Stealth mode? Or is there any such thing? Thank you for you help! Anne

George Magklaras

Senior Computer Systems Engineer/UNIX Systems Administrator EMBnet Technical
Management Board The Biotechnology Centre of Oslo, University of Oslo

EMBnet Norway:	http://www.no.embnet.org/

redhat-list mailing list
unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]