RE: [fw-wiz] stealth ports and IDS

From: Bruce Platt (
Date: 10/03/02

From: Bruce Platt <>
To: "Paul D. Robertson" <>, James X <>
Date: Thu Oct  3 12:45:23 2002

One can build a stackless kernel for linux. I've done it. Using make
menuconfig, or make xconfig, whatever, remove TCP/IP support from the
kernel. May as well remove the other transport layer choices as well.

You will need a new ifconfig. I built mine as well as other utilities using
the net-tools packages. I have heard that newer releases of RH will provide
this without using net-tools.

This is at the heart of hogwash in stealth mode, see: and find the writeup by Michael Karagiannis
listed the main page under Stackless Hogwash Howto.



> -----Original Message-----
> From: Paul D. Robertson []
> Sent: Thursday, October 03, 2002 11:09 AM
> To: James X
> Cc:
> Subject: Re: [fw-wiz] stealth ports and IDS
> On 3 Oct 2002, James X wrote:
> > One stumbling box has been the idea of a stealth port. I usually
> > operate my IDS boxes with the interfaces in stealth mode ie no IP
> > address or stack. I do not know of a way of acheiving this
> using linux
> > or netBSD etc.. and without it I would feel rather
> vulnerable. To help
> Maybe it's just me, but how about just not putting an IP
> address on the
> interface?
> I doubt you can get away with not puting IP in the kernel,
> but I really
> don't know enough about how libpcap does its thing to say for sure...
> Paul
> --------------------------------------------------------------
> ---------------
> Paul D. Robertson "My statements in this message are
> personal opinions
> which may have no basis whatsoever in fact."
> Director of Risk Assessment
> TruSecure Corporation
> _______________________________________________
> firewall-wizards mailing list