Hi George Thanks for the reply. This is for and IDS. Unfortunately, I'm running RHEL 4.0 and it does not have an "ifgcfg" file. Should it? Thanks Anne -----Original Message----- From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of George Magklaras Sent: Wednesday, August 01, 2007 4:08 AM To: General Red Hat Linux discussion list Subject: Re: NIC in stealth mode? I am a bit unclear on the context of the question. A stealth mode NIC is normally a NIC that hasn't got a protocol stack bound to it (no TCP/IP v4/v6 settings), IP forwarding disabled and under some circumstances the MAC address zeroed. This is normally called 'stealth mode NIC' and is a precondition for some network monitoring apps (IDS/IPS). Depending on the setup and the type of monitoring you are trying to achieve, normally choosing a NIC that you do not use and running the monitoring program telling it which interface should use to monitored (if you have more than 1 network card) should place the NIC in stealth mode automatically. However, if the interface is already on an IP address, things might not work properly. In this case on a RedHat system: (you will need 'root' for this) 1)Find the interface you want to monitor from (say eth1). 2)Backup your /etc/sysconfig/network and /etc/sysconfig/network-scripts directories, in case you need to revert to the original settings quickly. 3)Edit the /etc/sysconfig/network-scripts/ifcfg-eth1 file to look like: DEVICE=eth1 USERCTL=no ONBOOT=yes BOOTPROTO= BROADCAST= NETWORK= NETMASK= IPADDR= IPV6INIT=no 4)/etc/sysconfig/network-scripts/ifdown-ipv6 eth1 5)ifdown eth1 6)Make sure that /proc/sys/net/ipv4/ip_forward is set to 0 (no IP forwarding). At this point, your eth1 NIC should be ready to be used in stealth mode by the monitoring application, which will attempt to use it. If you say a bit more about the context, we could provide more help. GM Anne wrote: > Hi All, is there a way to put the Red Hat 4.0 NIC in Stealth mode? Or > is there any such thing? > > Thank you for you help! > > Anne -- -- George Magklaras Senior Computer Systems Engineer/UNIX Systems Administrator EMBnet Technical Management Board The Biotechnology Centre of Oslo, University of Oslo http://www.biotek.uio.no/ EMBnet Norway: http://www.no.embnet.org/ -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
