Thaidog

[Log in to get rid of this advertisement]

How can you run a server in "stealth mode" without an IP address? In other words... what do I have to do to to subtract the IP address of a server?

Mara

AFAIK you can't. You can use port forwarding and use other machine's IP for connections, but without any IP, I don't think so.

unSpawn

Hmm. Would that be just configuring the nic w/o giving it any IP address? :-]

Thaidog

Can you give me a step by step? I'm not to hip to this thing...

Mara

But what for? I can't think of a use of this.

Mara

Thaidog, could you write what you'd like to do in a more detailed way?

Thaidog

Sure... I was reading page 34 of this month's Linux Journal on how to use the app "snort" as a stealth logger... It explains that if your log server has no IP address, than it can't be hacked... in most basic terms... So it goes through this configuration scheme that I could not understand:

DEVICE=eth1
USERCTL=no
ONBOOT=yes
BOOTPROTO=
BROADCAST=
NETWORK=
NETMASK=
IPADDR=

Anyway, I'm still trying to understand the idea of a card with no IP address... and If I've already got that going on my OS X Jaguar box since I'm running my firewall in what it calls Stealth mode and running snort with NIDS... Or if I need to modify my connection settings... I hope this helps clear things up... ?

Mara

Read the whole article. I suppse it says it quite clearly:
(taken from http://linuxjournal.com/article.php?sid=6222)
A server without an IP can't be your only one (in general). It's nice to keep logs on it, but not as a normal server. Just my opinion.

stickman

The Linux Journal article is a pretty good read. You can do similar things with an unplumbed interface on Solaris.