From owner-freebsd-security Thu Sep 9 6: 2:47 1999 Delivered-To: freebsd-security@freebsd.org Received: from ns2.infologigruppen.se (ns2.infologigruppen.se [212.214.163.69]) by hub.freebsd.org (Postfix) with ESMTP id 4274F1535C for ; Thu, 9 Sep 1999 06:02:43 -0700 (PDT) (envelope-from Goran.Lowkrantz@infologigruppen.se) Received: (from uucp@localhost) by ns2.infologigruppen.se (8.9.2/8.8.8) id KAA05448 for ; Thu, 9 Sep 1999 10:37:24 +0200 (CEST) (envelope-from Goran.Lowkrantz@infologigruppen.se) Received: from valhall.ign.se(192.168.3.1) via SMTP by bifrost-net.ign.se, id smtpdPS5446; Thu Sep 9 10:37:16 1999 Received: by valhall.ign.se with Internet Mail Service (5.5.2448.0) id ; Thu, 9 Sep 1999 10:37:15 +0200 Message-ID: From: "Lowkrantz, Goran" To: freebsd-security@FreeBSD.ORG Subject: Lisen only NIC Date: Thu, 9 Sep 1999 10:37:07 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2448.0) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org To check on our DMZs I am building a monitor system with a protected interface connected to the internal network and a multiport card to monitor the consoles of the systems in the DMZs. To check for attacks I have setup Snort and have tested with the Vision IDS but I want to hide the network interface completely so that it can't be seen or heard or attacked or anything. I have looked in the handbook, security how-to and searched mailing lists but not found anything about how to do this. The monitor system is on 3-stable, at the moment 3.3RC. What I would like to have: A NIC listening on a connected network using one of the already used addresses without being seen and without disturbing any traffic. 1 - Is it possible to configure a NIC this way? 2 - If not, I have tried to re-use an IP address from the DMZ, set IPFW to allow all in and nothing out, but an arp from the DMZ still shows the IF. How do I block this? 3 - Am I off track? Is there a better way to do this? Cheers, GLZ --- Goran Lowkrantz Email : goran.lowkrantz@infologigruppen.se Infologigruppen Alfa AB Telephone: Nat 070-587 8782 Fax: Nat 070-615 8782 Box 202 Int +46 70-587 8782 Int +46 70-615 8782 941 25 Pitea, Sweden To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message