Date:      Thu, 9 Sep 1999 10:37:07 +0200 
From:      "Lowkrantz, Goran" <Goran.Lowkrantz@infologigruppen.se>
To:        freebsd-security@FreeBSD.ORG
Subject:   Listen only NIC
Message-ID:  <B500F74C6527D311B61F0000C0DF5ADC07ED7D@valhall.ign.se>


To check on our DMZs I am building a monitor system with a protected
interface connected to the internal network and a multiport card to monitor
the consoles of the systems in the DMZs. To check for attacks I have set up
Snort and have tested with the Vision IDS but I want to hide the network
interface completely so that it can't be seen or heard or attacked or
anything. I have looked in the handbook, security how-to and searched
mailing lists but not found anything about how to do this.

The monitor system is on 3-stable, at the moment 3.3RC.

What I would like to have:
A NIC listening on a connected network using one of the already used
addresses without being seen and without disturbing any traffic.
1 - Is it possible to configure a NIC this way?
2 - If not, I have tried to re-use an IP address from the DMZ, set IPFW to
allow all in and nothing out, but an arp from the DMZ still shows the IF.
How do I block this?
3 - Am I off track? Is there a better way to do this?

Cheers,
	GLZ

---
Goran Lowkrantz         Email    : goran.lowkrantz@infologigruppen.se
Infologigruppen Alfa AB Telephone: Nat 070-587 8782     Fax: Nat 070-615 8782
Box 202                            Int +46 70-587 8782       Int +46 70-615 8782
941 25 Pitea, Sweden


