RE: [fw-wiz] stealth ports and IDS
From: Bruce Platt (Bruce@ei3.com)
Date: 10/03/02
From: Bruce Platt <Bruce@ei3.com>
To: "Paul D. Robertson" <proberts@patriot.net>, James X <scouser@paradise.net.nz>
Date: Thu Oct 3 12:45:23 2002
One can build a stackless kernel for Linux. I've done it. Using make
menuconfig, or make xconfig, whatever, remove TCP/IP support from the
kernel. May as well remove the other transport layer choices as well.

You will need a new ifconfig. I built mine as well as other utilities using
the net-tools packages. I have heard that newer releases of RH will provide
this without using net-tools.

This is at the heart of hogwash in stealth mode, see:
http://hogwash.sourceforge.net/ and find the writeup by Michael Karagiannis
listed on the main page under Stackless Hogwash Howto.

Regards,
Bruce
> -----Original Message-----
> From: Paul D. Robertson [mailto:proberts@patriot.net]
> Sent: Thursday, October 03, 2002 11:09 AM
> To: James X
> Cc: firewall-wizards@honor.icsalabs.com
> Subject: Re: [fw-wiz] stealth ports and IDS
>
>
> On 3 Oct 2002, James X wrote:
>
> > One stumbling box has been the idea of a stealth port. I usually
> > operate my IDS boxes with the interfaces in stealth mode, i.e. no IP
> > address or stack. I do not know of a way of achieving this using Linux
> > or NetBSD etc. and without it I would feel rather vulnerable. To help
>
> Maybe it's just me, but how about just not putting an IP address on the
> interface?
>
> I doubt you can get away with not putting IP in the kernel, but I really
> don't know enough about how libpcap does its thing to say for sure...
>
> Paul
> -----------------------------------------------------------------------------
> Paul D. Robertson         "My statements in this message are personal opinions
> proberts@patriot.net      which may have no basis whatsoever in fact."
> probertson@trusecure.com  Director of Risk Assessment
> TruSecure Corporation
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>
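
An added example, not part of the original message or of the Hogwash howto: a shell check that a kernel `.config` matches the stackless build described above, with TCP/IP (`CONFIG_INET`) unset while packet sockets (`CONFIG_PACKET`), which libpcap uses on Linux, stay enabled. The function names, the sample config and the list of non-IP protocol options are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a kernel .config for a stackless capture sensor.
# A .config line is either "CONFIG_X=y" / "CONFIG_X=m" or "# CONFIG_X is not set".

# Print y, m or n for option $2 in config file $1.
opt_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    printf '%s\n' "${val:-n}"
}

# Return 0 when the config has no protocol stack but can still capture.
audit_stackless_config() {
    cfg=$1
    rc=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    # CONFIG_INET is TCP/IP. The other families listed are this example's
    # assumption about the "other transport layer choices".
    for opt in CONFIG_INET CONFIG_IPV6 CONFIG_IPX CONFIG_ATALK CONFIG_DECNET; do
        if [ "$(opt_state "$cfg" "$opt")" != n ]; then
            echo "FAIL: $opt is enabled"
            rc=1
        fi
    done
    # libpcap on Linux reads frames through packet sockets, so these stay on.
    for opt in CONFIG_NET CONFIG_PACKET; do
        if [ "$(opt_state "$cfg" "$opt")" = n ]; then
            echo "FAIL: $opt is disabled, capture will not work"
            rc=1
        fi
    done
    if [ "$rc" -eq 0 ]; then echo "OK: no protocol stack, capture available"; fi
    return "$rc"
}

# Constructed sample fragment of a stackless sensor's .config.
sample_stackless_config() {
    printf '%s\n' 'CONFIG_NET=y' 'CONFIG_PACKET=y' \
        '# CONFIG_INET is not set' '# CONFIG_IPV6 is not set'
}

# Demo on the constructed sample.
demo_cfg=$(mktemp)
sample_stackless_config > "$demo_cfg"
audit_stackless_config "$demo_cfg"
rm -f "$demo_cfg"
```

Run the function against the `.config` in the kernel build tree before installing the image on the sensor.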