NIC in stealth mode?

[George Magklaras]

I am a bit unclear on the context of the question. A stealth mode NIC is 
normally a NIC that hasn't got a protocol stack bound to it (no TCP/IP 
v4/v6 settings),  IP forwarding disabled and under some circumstances 
the MAC address zeroed. This is normally called 'stealth mode NIC' and 
is a precondition for some network monitoring apps (IDS/IPS). Depending 
on the setup and the type of monitoring you are trying to achieve, 
normally choosing a NIC that you do not use and running the monitoring 
program telling it which interface should use to monitored (if you have 
more than 1 network card) should place the NIC in stealth mode 
automatically. However, if the interface is already on an IP address, 
things might not work properly. In this case on a RedHat system:

(you will need 'root' for this)
1)Find the interface you want to monitor from (say eth1).
2)Backup your /etc/sysconfig/network and /etc/sysconfig/network-scripts 
directories, in case you need to revert to the original settings quickly.
3)Edit the /etc/sysconfig/network-scripts/ifcfg-eth1 file to look like:
DEVICE=eth1
USERCTL=no
ONBOOT=yes
BOOTPROTO=
BROADCAST=
NETWORK=
NETMASK=
IPADDR=
IPV6INIT=no
4)/etc/sysconfig/network-scripts/ifdown-ipv6 eth1
5)ifdown eth1
6)Make sure that /proc/sys/net/ipv4/ip_forward is set to 0 (no IP 
forwarding).

At this point, your eth1 NIC should be ready to be used in stealth mode 
by the monitoring application, which will attempt to use it.

If you say a bit more about the context, we could provide more help.

GM


Anne wrote:
> Hi All, is there a way to put the Red Hat 4.0 NIC in Stealth mode? Or is
> there any such thing?
>  
> Thank you for you help!
>  
> Anne

-- 
--
George Magklaras

Senior Computer Systems Engineer/UNIX Systems Administrator
EMBnet Technical Management Board
The Biotechnology Centre of Oslo,
University of Oslo
http://www.biotek.uio.no/

EMBnet Norway:	http://www.no.embnet.org/