Re: NIC in stealth mode?

---

• From: George Magklaras <georgios@xxxxxxxxxxxxx>
• Date: Wed, 01 Aug 2007 10:07:50 +0200

---

I am a bit unclear on the context of the question. A stealth mode NIC is normally a NIC that hasn't got a protocol stack bound to it (no TCP/IP v4/v6 settings), IP forwarding disabled and under some circumstances the MAC address zeroed. This is normally called 'stealth mode NIC' and is a precondition for some network monitoring apps (IDS/IPS). Depending on the setup and the type of monitoring you are trying to achieve, normally choosing a NIC that you do not use and running the monitoring program telling it which interface should use to monitored (if you have more than 1 network card) should place the NIC in stealth mode automatically. However, if the interface is already on an IP address, things might not work properly. In this case on a RedHat system:

(you will need 'root' for this)
1)Find the interface you want to monitor from (say eth1).
2)Backup your /etc/sysconfig/network and /etc/sysconfig/network-scripts directories, in case you need to revert to the original settings quickly.
3)Edit the /etc/sysconfig/network-scripts/ifcfg-eth1 file to look like:
DEVICE=eth1
USERCTL=no
ONBOOT=yes
BOOTPROTO=
BROADCAST=
NETWORK=
NETMASK=
IPADDR=
IPV6INIT=no
4)/etc/sysconfig/network-scripts/ifdown-ipv6 eth1
5)ifdown eth1
6)Make sure that /proc/sys/net/ipv4/ip_forward is set to 0 (no IP forwarding).

At this point, your eth1 NIC should be ready to be used in stealth mode by the monitoring application, which will attempt to use it.

If you say a bit more about the context, we could provide more help.

GM


Anne wrote:

Hi All, is there a way to put the Red Hat 4.0 NIC in Stealth mode? Or is
there any such thing?
Thank you for you help!
Anne

--
--
George Magklaras

Senior Computer Systems Engineer/UNIX Systems Administrator
EMBnet Technical Management Board
The Biotechnology Centre of Oslo,
University of Oslo
http://www.biotek.uio.no/

EMBnet Norway: http://www.no.embnet.org/


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

---

• Follow-Ups:
  • RE: NIC in stealth mode?
    • From: Angie Moore

• Prev by Date: How to permanently set a network interface to promiscuous mode?
• Next by Date: RH EL5 - Broadcom Netlink Fast Ethernet
• Previous by thread: How to permanently set a network interface to promiscuous mode?
• Next by thread: RE: NIC in stealth mode?
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: NIC in stealth mode? ... Unfortunately, I'm running RHEL ... Subject: NIC in stealth mode? ... precondition for some network monitoring apps. ... telling it which interface should use to monitored (if you have more than 1 ... (RedHat) Re: NIC in stealth mode? ... If the ifcfg-ethx file is not there, ... create the file with the suggested contents and try to do an ifup eth1. ... This should create the ifcfg-eth1 file and then you can go and modify it as suggested to get your NIC into stealth mode. ... precondition for some network monitoring apps. ... (RedHat) RE: NIC in stealth mode? ... Subject: NIC in stealth mode? ... If the ifcfg-ethx file is not ... driver recognizes the additional NIC device (say eth1). ... Depending on the setup and the type of monitoring you are trying to ... (RedHat) Re: Solaris 9 and Sunscreen 3.2 Stealth Mode ... > dmfe0 interface with the corresponding addresses. ... > the NICs should be configured prior to Sunscreen installation. ... For a stealth mode screen, you only setup your admin interface prior to ... (comp.unix.solaris) Re: IDS Stealth Mode ... > A common deployment configuration of Network IDS is to have 2 NICs; ... > Teh monitoring interface in "stealth mode" with no IP ... > the "management" interface on a trusted internal network. ... (Focus-IDS)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

linux.derkeiler.com  > Mailing-Lists  > RedHat  > 2007-08