On 10/18/05, James <[EMAIL PROTECTED]> wrote:
> Hello,
>
> For a variety of reasons, I need to be able to make an ethernet
> interface on a gentoo system, change into listen only (stealth mode).
> Kind of like half duplex, so to speak. Any simple tricks?
> Just disabling all responses from the ethernet interface would do.
> I know I can just use 'ifconfig eth0 down' but anything more
> elegant or that would allow the interface to keep receiving
> packets for analysis and logging would be better.
>
> At other times I need to run a full blown IDS, like snort,
> on an ethernet port, but without being externally detected.
> What would be the best method (tools) to ensure the interface is actually
> not detectable on a given lan segment?
> Here is a good (Redhat) but old link that kind of outlines the idea:
>
> http://www.linuxjournal.com/article/6222
>
> Any web pages, documents or information that is more current and
> gentoo specific would be greatly appreciated.
>
I would suggest using iptables to simply DROP all outgoing packets.

--
Justin Patrin
--
gentoo-user@gentoo.org mailing list
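The suggestion above, written out for a passive sensor port, as an added example that is not part of the original thread: iptables filters IPv4 only, so the script also disables ARP, removes addresses and drops IPv6 output. It assumes iproute2, iptables and ip6tables are installed; `stealth_cmds`, `apply_stealth`, `IFACE` and `APPLY` are names made up for this example.

```shell
#!/bin/sh
# Added example: make a Linux interface receive-only for sniffing/IDS use.
# Prints the commands by default; set APPLY=1 and run as root to execute them.

# Print the commands that make interface $1 receive-only.
stealth_cmds() {
    iface=$1
    # Accept only a plain interface name (letters, digits, '_', '.', '-').
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    # Order matters: install the DROP rules before the link comes up, so
    # nothing is emitted between "up" and the firewall being in place.
    cat <<EOF
iptables -A OUTPUT -o $iface -j DROP
ip6tables -A OUTPUT -o $iface -j DROP
ip addr flush dev $iface
ip link set dev $iface arp off
ip link set dev $iface promisc on
ip link set dev $iface up
EOF
    # iptables/ip6tables: drop locally generated IPv4/IPv6 traffic.
    # addr flush:         no IP address, so nothing to answer for.
    # arp off:            ARP is not seen by iptables; this stops ARP replies.
    # promisc on:         keep receiving frames addressed to other hosts.
}

# Run the generated commands, stopping at the first failure.
apply_stealth() {
    cmds=$(stealth_cmds "$1") || return 1
    printf '%s\n' "$cmds" | sh -e
}

IFACE=${IFACE:-eth0}   # assumed interface name
if [ "${APPLY:-0}" = 1 ]; then
    apply_stealth "$IFACE"
else
    stealth_cmds "$IFACE"
fi
```

To check the result from the sensor itself, `tcpdump -i eth0 -Q out` should stay silent while inbound capture continues; programs that write frames through raw packet sockets bypass iptables and are not covered by these rules.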