RE: [fw-wiz] stealth ports and IDS

From: Bruce Platt (Bruce@ei3.com)
Date: 10/03/02


From: Bruce Platt <Bruce@ei3.com>
To: "Paul D. Robertson" <proberts@patriot.net>, James X <scouser@paradise.net.nz>
Date: Thu Oct  3 12:45:23 2002

One can build a stackless kernel for Linux. I've done it. Using make
menuconfig, or make xconfig, whatever, remove TCP/IP support from the
kernel. May as well remove the other transport layer choices as well.

You will need a new ifconfig. I built mine as well as other utilities using
the net-tools packages. I have heard that newer releases of RH will provide
this without using net-tools.

This is at the heart of hogwash in stealth mode, see:
http://hogwash.sourceforge.net/ and find the writeup by Michael Karagiannis
listed on the main page under Stackless Hogwash Howto.

Regards,

Bruce

> -----Original Message-----
> From: Paul D. Robertson [mailto:proberts@patriot.net]
> Sent: Thursday, October 03, 2002 11:09 AM
> To: James X
> Cc: firewall-wizards@honor.icsalabs.com
> Subject: Re: [fw-wiz] stealth ports and IDS
>
>
> On 3 Oct 2002, James X wrote:
>
> > One stumbling box has been the idea of a stealth port. I usually
> > operate my IDS boxes with the interfaces in stealth mode, i.e. no IP
> > address or stack. I do not know of a way of achieving this using Linux
> > or NetBSD etc., and without it I would feel rather vulnerable. To help
>
> Maybe it's just me, but how about just not putting an IP address on the
> interface?
>
> I doubt you can get away with not putting IP in the kernel, but I really
> don't know enough about how libpcap does its thing to say for sure...
>
> Paul
> -----------------------------------------------------------------------------
> Paul D. Robertson      "My statements in this message are personal opinions
> proberts@patriot.net      which may have no basis whatsoever in fact."
> probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>
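
An added example, not part of the original thread or of the Hogwash project: a POSIX shell check for the simpler approach raised in the quoted message, a capture interface that is up but carries no IP address. It assumes iproute2's `ip -o` one-line output format; the function name `audit_stealth` and the sample lines (MAC and addresses included) are constructed for illustration.

```shell
#!/bin/sh
# Audit a sniffing interface for "stealth" configuration on a kernel that
# still has an IP stack. Prints one finding per line, nothing if clean.
#   $1 = output of: ip -o link show dev IF
#   $2 = output of: ip -o addr show dev IF
audit_stealth() {
    link_out=$1
    addr_out=$2

    # Interface flags are the comma-separated list between < and >.
    flags=$(printf '%s\n' "$link_out" | sed -n 's/.*<\([^>]*\)>.*/\1/p' | head -n 1)

    case ",$flags," in
        *,UP,*) ;;
        *) echo "not UP: interface will capture nothing" ;;
    esac
    # With ARP on, Linux's default arp_ignore=0 answers ARP requests for any
    # local address (e.g. the management IP) arriving on this interface too.
    case ",$flags," in
        *,NOARP,*) ;;
        *) echo "ARP enabled: run 'ip link set dev IF arp off'" ;;
    esac

    # Removing the IPv4 address is not enough: bringing the link up normally
    # autoconfigures an fe80:: IPv6 link-local address unless IPv6 is disabled.
    printf '%s\n' "$addr_out" | awk '
        $3 == "inet"  { print "IPv4 address bound: " $4 }
        $3 == "inet6" { print "IPv6 address bound: " $4 }'
}

# Constructed sample input: "no IPv4 address" but otherwise default settings.
SAMPLE_LINK_PLAIN='3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000\    link/ether 08:00:27:4e:66:a1 brd ff:ff:ff:ff:ff:ff'
SAMPLE_ADDR_LL='3: eth1    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link \       valid_lft forever preferred_lft forever'
# Constructed sample input: ARP off and no addresses of either family.
SAMPLE_LINK_STEALTH='3: eth1: <BROADCAST,MULTICAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000\    link/ether 08:00:27:4e:66:a1 brd ff:ff:ff:ff:ff:ff'

# Live use: ./audit.sh eth1
if [ $# -gt 0 ]; then
    audit_stealth "$(ip -o link show dev "$1")" "$(ip -o addr show dev "$1")"
fi
```

On a kernel built without TCP/IP, as described in the reply above, the address findings cannot occur; the check is meant for the address-less interface on a stock kernel.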


