Hello,

You can make a machine almost invisible with iptables. I have a firewall box with multiple IPs on one interface. One of the IP addresses does not have any servers listening on it. So if I run nmap against all TCP and UDP ports and watch the traffic with tcpdump, the only responses I see are ARP replies.

So besides the responses to ARP traffic, no packets were sent out, so if I could disable the ARP reply, nothing would be known. The nmap scan could only tell me that all ports are filtered :)

If you have a service on the IP, like a web server, I cannot see you being able to hide it.

Also, iptables by default is an IP-based filter, so a rule like:

    iptables -A INPUT -j DROP

will not drop layer two stuff. You could try:

    iptables -I INPUT -m mac -j DROP

but I am not sure what this would cause and what else it will break :0

Michael.

On Tue, 2 Dec 2003 09:40:09 +0500 "Babar Kazmi" <BabarKazmi@xxxxxxxxxxx> wrote:

> Hello ..
>
> As far as I know iptables uses MAC address information for filtering.
> It can't be used for filtering packets, and I assume iptables cannot edit /
> modify ARP / RARP stuff.
>
> If you find an alternate way, do share :)
>
> Regards
>
> Babar Kazmi.
>
> ----- Original Message -----
> From: "Thomas Preissler" <tomjohn@xxxxxx>
> To: "netfilter-user Mailinglist" <netfilter@xxxxxxxxxxxxxxxxxxx>
> Sent: Sunday, November 30, 2003 3:12 PM
> Subject: How to make a computer invisible
>
> > Hello folks,
> >
> > how do I really make a computer totally invisible, as it would be
> > when it does not exist?
> >
> > It is clear that the simplest solution is to DROP all incoming
> > packets, but what about (R)ARP packets? Can they be blocked anyway?

--
Michael Gale
Network Administrator
Utilitran Corporation
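Added example, not part of the original thread: a small Python check for the test Michael describes (scan the address while capturing with tcpdump, then see what the host itself sent). It assumes `tcpdump -n` text output; the function name, the addresses and both sample captures are constructed for illustration.

```python
import re
from collections import Counter

# Patterns for `tcpdump -n` text lines (the -n format is an assumption).
ARP_REPLY = re.compile(r"ARP, Reply (\S+) is-at ([0-9a-f:]{17})")
IP_PKT = re.compile(r" IP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > \S+: (.*)")

def sent_by_host(lines, host_ip):
    """Count the frames that host_ip itself emitted, grouped by kind."""
    seen = Counter()
    for line in lines:
        m = ARP_REPLY.search(line)
        if m:
            if m.group(1) == host_ip:
                seen["arp-reply"] += 1   # layer 2 answer, not an IP packet
            continue
        m = IP_PKT.search(line)
        if m and m.group(1) == host_ip:
            rest = m.group(2)
            if rest.startswith("ICMP"):
                seen["icmp"] += 1        # e.g. port unreachable
            elif rest.startswith("Flags [R"):
                seen["tcp-rst"] += 1     # closed-port reset
            elif rest.startswith("Flags"):
                seen["tcp"] += 1
            elif rest.startswith("UDP"):
                seen["udp"] += 1
            else:
                seen["ip-other"] += 1
    return dict(seen)

# Constructed capture: scanned address with all IP input dropped.
FILTERED = """\
09:40:01.100000 ARP, Request who-has 192.0.2.10 tell 192.0.2.50, length 28
09:40:01.100100 ARP, Reply 192.0.2.10 is-at 00:16:3e:00:00:10, length 28
09:40:01.200000 IP 192.0.2.50.51000 > 192.0.2.10.22: Flags [S], seq 1, win 1024, length 0
09:40:01.300000 IP 192.0.2.50.51001 > 192.0.2.10.53: UDP, length 0
""".splitlines()

# Constructed capture: same probes, no filtering, nothing listening.
UNFILTERED = FILTERED + """\
09:40:01.200100 IP 192.0.2.10.22 > 192.0.2.50.51000: Flags [R.], seq 0, ack 2, win 0, length 0
09:40:01.300100 IP 192.0.2.10 > 192.0.2.50: ICMP 192.0.2.10 udp port 53 unreachable, length 36
""".splitlines()

if __name__ == "__main__":
    print("filtered:  ", sent_by_host(FILTERED, "192.0.2.10"))
    print("unfiltered:", sent_by_host(UNFILTERED, "192.0.2.10"))
```

In the filtered capture the ARP reply is the only frame attributed to the host, which is the residual visibility the thread is asking about.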