NIC in stealth mode?

Mailing List

Home

Forum Home

Linux - General Red Hat Linux discussion list

Installation - Getting started with Red Hat Linux

Enterprise Linux 3 - Discussion of Red Hat Enterprise Linux 3 (Taroon)

Red Hat Linux 9 - Discussion of Red Hat Linux 9 (Shrike)

Red Hat Linux 7.2 - Discussion of Red Hat Linux 7.2 (Enigma)

Red Hat Linux 7.3 - Discussion of Red Hat Linux 7.3 (Valhalla)

Apache Web Server

Oracle database, Microsoft SQL server ...

Subjects

•	application/x mplayer2 plugin
•	RPM error: db4 error(16) from dbenv >remove: Device or resource busy
•	Command stream end of file while reading
•	X Windows problem (xauth)
•	Upgrading openoffice 1 1 rpm
•	FTP: connection refused
•	FTP: connection refused
•	mount: /dev/cdrom: is not a valid block device
•	Dell Precision 650, RedHat 9, no sound
•	how to trace the cause resulting in the crash of bind server
•	Virus on the list
•	UNINSTALL RPM MYSQL
•	usb pen drives: mounting as a user
•	broadcom network interface
•	make mrproper
•	Couldn 't open PID file /var/run/named/named pid Permission denied
•	sendmail configuration on redhat
•	kernel 2 6 and /dev/sound/mixer not found
•	Promise 378 controller
•	Problem using up2date
•	mrtg step by step howto/configuration for a newbie?
•	Compiling and Installing Kernel 2 6
•	Can 't locate module ppp0, can 't locate module ppp compress 21
•	Lotus Notes under Wine
•	HOW I CAN MAKE BOOTABLE FLOPPY DISKET
•	/etc/security/limits conf question
•	Intel E/1000 driver
•	rpm database corrupt
•	Command stream end of file while reading
•	qla2300 modules

NIC in stealth mode?

NIC in stealth mode?

2007-08-01 - By George Magklaras

Back

Reply: 1 2 3 4 5 6

I am a bit unclear on the context of the question. A stealth mode NIC is
normally a NIC that hasn't got a protocol stack bound to it (no TCP/IP
v4/v6 settings), IP forwarding disabled and under some circumstances
the MAC address zeroed. This is normally called 'stealth mode NIC' and
is a precondition for some network monitoring apps (IDS/IPS). Depending
on the setup and the type of monitoring you are trying to achieve,
normally choosing a NIC that you do not use and running the monitoring
program telling it which interface should use to monitored (if you have
more than 1 network card) should place the NIC in stealth mode
automatically. However, if the interface is already on an IP address,
things might not work properly. In this case on a RedHat system:

(you will need 'root' for this)
1)Find the interface you want to monitor from (say eth1).
2)Backup your /etc/sysconfig/network and /etc/sysconfig/network-scripts
directories, in case you need to revert to the original settings quickly.
3)Edit the /etc/sysconfig/network-scripts/ifcfg-eth1 file to look like:
DEVICE=eth1
USERCTL=no
ONBOOT=yes
BOOTPROTO=
BROADCAST=
NETWORK=
NETMASK=
IPADDR=
IPV6INIT=no
4)/etc/sysconfig/network-scripts/ifdown-ipv6 eth1
5)ifdown eth1
6)Make sure that /proc/sys/net/ipv4/ip_forward is set to 0 (no IP
forwarding).

At this point, your eth1 NIC should be ready to be used in stealth mode
by the monitoring application, which will attempt to use it.

If you say a bit more about the context, we could provide more help.

GM

Anne wrote:
> Hi All, is there a way to put the Red Hat 4.0 NIC in Stealth mode? Or is
> there any such thing?
>
> Thank you for you help!
>
> Anne

--
--
George Magklaras

Senior Computer Systems Engineer/UNIX Systems Administrator
EMBnet Technical Management Board
The Biotechnology Centre of Oslo,
University of Oslo
http://www.biotek.uio.no/

EMBnet Norway: http://www.no.embnet.org/

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@(protected)?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list