RE: [fw-wiz] stealth ports and IDS

From: Bruce Platt (Bruceat_private)
Date: Thu Oct 03 2002 - 09:35:08 PDT


    One can build a stackless kernel for Linux.  I've done it.  Using make
    menuconfig, or make xconfig, whatever, remove TCP/IP support from the
    kernel.  May as well remove the other transport layer choices as well.
    
    You will need a new ifconfig.  I built mine as well as other utilities using
    the net-tools packages.  I have heard that newer releases of RH will provide
    this without using net-tools.
    
    This is at the heart of hogwash in stealth mode, see:
    http://hogwash.sourceforge.net/ and find the writeup by Michael Karagiannis
    listed on the main page under Stackless Hogwash Howto.
    
    
    Regards,
    
    Bruce
    
    > -----Original Message-----
    > From: Paul D. Robertson [mailto:probertsat_private]
    > Sent: Thursday, October 03, 2002 11:09 AM
    > To: James X
    > Cc: firewall-wizardsat_private
    > Subject: Re: [fw-wiz] stealth ports and IDS
    > 
    > 
    > On 3 Oct 2002, James X wrote:
    > 
    > > One stumbling box has been the idea of a stealth port.  I usually
    > > operate my IDS boxes with the interfaces in stealth mode ie no IP
    > > address or stack. I do not know of a way of achieving this using Linux
    > > or NetBSD etc.. and without it I would feel rather vulnerable. To help
    > 
    > Maybe it's just me, but how about just not putting an IP address on the
    > interface?
    > 
    > I doubt you can get away with not putting IP in the kernel, but I really
    > don't know enough about how libpcap does its thing to say for sure...
    > 
    > Paul
    > -----------------------------------------------------------------------------
    > Paul D. Robertson      "My statements in this message are personal opinions
    > probertsat_private      which may have no basis whatsoever in fact."
    > probertsonat_private Director of Risk Assessment TruSecure Corporation
    > 
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizardsat_private
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    > 
    



    This archive was generated by hypermail 2b30 : Thu Oct 03 2002 - 21:52:25 PDT
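
A way to audit a kernel .config against the stackless setup described in the message above, as an added example that is not part of the original thread or of the Hogwash howto. Assumptions: the CONFIG_* symbols are the mainline kernel's Kconfig names and the protocol list is illustrative; CONFIG_PACKET is checked because libpcap on Linux captures through packet sockets; the sample configs and function names are constructed for the example.

```shell
#!/bin/sh
# Added example: audit a kernel .config for a stackless capture sensor.
# Assumption: protocol symbols to flag; extend for the kernel being built.
STACK_SYMS="CONFIG_INET CONFIG_IPV6 CONFIG_IPX CONFIG_ATALK CONFIG_DECNET"

# Print y or m for a symbol in a .config file, or n when the symbol is
# absent or written as "# CONFIG_FOO is not set".
kconfig_value() {
    v=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${v:-n}"
}

# Return 0 when no protocol stack is built and packet sockets are available
# for capture; otherwise print one finding per problem and return 1.
check_stackless() {
    cfg=$1
    rc=0
    for sym in $STACK_SYMS; do
        if [ "$(kconfig_value "$cfg" "$sym")" != n ]; then
            echo "FAIL: $sym is enabled (protocol stack present)"
            rc=1
        fi
    done
    if [ "$(kconfig_value "$cfg" CONFIG_PACKET)" = n ]; then
        echo "FAIL: CONFIG_PACKET is off (no packet sockets for libpcap)"
        rc=1
    fi
    return $rc
}

# Constructed sample configs, written to a temp dir so the script runs offline.
make_samples() {
    d=$(mktemp -d)
    printf '%s\n' 'CONFIG_NET=y' 'CONFIG_PACKET=y' \
        '# CONFIG_INET is not set' '# CONFIG_IPX is not set' > "$d/stackless.config"
    printf '%s\n' 'CONFIG_NET=y' 'CONFIG_PACKET=y' \
        'CONFIG_INET=y' 'CONFIG_IPX=m' > "$d/stock.config"
    echo "$d"
}

d=$(make_samples)
for f in "$d/stackless.config" "$d/stock.config"; do
    echo "== $f"
    if check_stackless "$f"; then echo "OK: stackless, capture-capable"; fi
done
rm -rf "$d"
```

On a sensor, point check_stackless at the .config the running kernel was built from rather than at the samples.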