I assume you have another NIC on the box, OK? If the ifcfg-ethx file is
not there, this means two things:
1)Either you have never configured the other NIC.
2)The NIC does not exist (the device driver initialization failed).
If you do a:
cat /proc/net/dev
you should be able to see all the eth devices, so you know that the NIC
driver recognizes the additional NIC device (say eth1). This rules out
number 2. In that case, create the file with the suggested contents and
try to do an ifup eth1.
If you don't fill comfortable with all this and you have X on the box,
launch 'system-config-network' (redhat-specific) and try to configure
eth1 (with an internal 192.168 bogus IP). This should create the
ifcfg-eth1 file and then you can go and modify it as suggested to get
your NIC into stealth mode.
For number 2, you have to to tell me what kind of box or motherboard you
have, if you do not see another device in /proc/net/dev and you are sure
that your additional NIC card is in sound condition.
GM
Angie Moore wrote:
Hi George
Thanks for the reply. This is for and IDS. Unfortunately, I'm running RHEL
4.0 and it does not have an "ifgcfg" file. Should it?
Thanks
Anne
-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx]
On Behalf Of George Magklaras
Sent: Wednesday, August 01, 2007 4:08 AM
To: General Red Hat Linux discussion list
Subject: Re: NIC in stealth mode?
I am a bit unclear on the context of the question. A stealth mode NIC is
normally a NIC that hasn't got a protocol stack bound to it (no TCP/IP
v4/v6 settings), IP forwarding disabled and under some circumstances the
MAC address zeroed. This is normally called 'stealth mode NIC' and is a
precondition for some network monitoring apps (IDS/IPS). Depending on the
setup and the type of monitoring you are trying to achieve, normally
choosing a NIC that you do not use and running the monitoring program
telling it which interface should use to monitored (if you have more than 1
network card) should place the NIC in stealth mode automatically. However,
if the interface is already on an IP address, things might not work
properly. In this case on a RedHat system:
(you will need 'root' for this)
1)Find the interface you want to monitor from (say eth1).
2)Backup your /etc/sysconfig/network and /etc/sysconfig/network-scripts
directories, in case you need to revert to the original settings quickly.
3)Edit the /etc/sysconfig/network-scripts/ifcfg-eth1 file to look like:
DEVICE=eth1
USERCTL=no
ONBOOT=yes
BOOTPROTO=
BROADCAST=
NETWORK=
NETMASK=
IPADDR=
IPV6INIT=no
4)/etc/sysconfig/network-scripts/ifdown-ipv6 eth1 5)ifdown eth1 6)Make sure
that /proc/sys/net/ipv4/ip_forward is set to 0 (no IP forwarding).
At this point, your eth1 NIC should be ready to be used in stealth mode by
the monitoring application, which will attempt to use it.
If you say a bit more about the context, we could provide more help.
GM
Anne wrote:
Hi All, is there a way to put the Red Hat 4.0 NIC in Stealth mode? Or
is there any such thing?
Thank you for you help!
Anne
--
--
George Magklaras
Senior Computer Systems Engineer/UNIX Systems Administrator EMBnet Technical
Management Board The Biotechnology Centre of Oslo, University of Oslo
http://www.biotek.uio.no/
EMBnet Norway: http://www.no.embnet.org/
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
