Linux Journal had an article on this a while back. Here's the link: http://www.linuxjournal.com/article.php?sid=6222 -- Richard Jankowski Senior Security Analyst Information Security Memorial Sloan-Kettering Cancer Center 1050 Wall Street West - 5th Floor Lyndhurst, NJ 07071 Ph: 201-635-5429 Fax: 201-507-1909 -----Original Message----- From: proberts [mailto:probertsat_private] Sent: Thursday, October 03, 2002 11:09 AM To: scouser Cc: firewall-wizards Subject: Re: [fw-wiz] stealth ports and IDS On 3 Oct 2002, James X wrote: > One stumbling box has been the idea of a stealth port. I usually > operate my IDS boxes with the interfaces in stealth mode ie no IP > address or stack. I do not know of a way of acheiving this using linux > or netBSD etc.. and without it I would feel rather vulnerable. To help Maybe it's just me, but how about just not putting an IP address on the interface? I doubt you can get away with not puting IP in the kernel, but I really don't know enough about how libpcap does its thing to say for sure... Paul ------------------------------------------------------------------------ ----- Paul D. Robertson "My statements in this message are personal opinions probertsat_private which may have no basis whatsoever in fact." probertsonat_private Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizardsat_private http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizardsat_private http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
This archive was generated by hypermail 2b30 : Thu Oct 03 2002 - 21:52:15 PDT