Snort mailing list archives
RE: Running Win2K in Stealth Mode
From: "Chris Arsenault" <carsenault () firstedcu org>
Date: Tue, 15 Jan 2002 09:36:21 -0600
This is how I set up Win2k to run in stealth mode, running one sensor on the external side of the firewall and one sensor in the DMZ. I also connected a third network card to allow management via Demarc and ACID from all of our IT desktops.

Follow the instructions on setting up a receive only cable available on the current Snort FAQ. The cable works like a charm...

0.0.0.0 Interface on Windows 2000 -->

Disable Automatic Private IP Addressing (APIPA)
  Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
  Add the following REG_DWORD value IPAutoconfigurationEnabled and set the value to 0

Unbind the Sensor Adapter(s)
  Double click on network connections
  Highlight the sensor adapter
  Choose advanced and then advanced settings
  On the bindings tab, remove the checkmarks in order to unbind the adapter(s)

You are set at this point...our security requirements took us a step further. On top of the receive only cable, I also added an Ethernet tap. I added one tap on the external level of the firewall and one in the DMZ.

TRAFFIC --> TAP --> RECEIVE ONLY CABLE --> SENSOR RUNNING 0.0.0.0 with no bindings on the NIC.

The taps are available from http://www.shomiti.com/ nonetheless, their docs didn't seem to work too well. I tried running the tap with a straight through cable as described and it wouldn't go. Once I put the receive only cable on, it worked like a charm. The tap was simply a security requirement where I work.....the receive only cable actually does the same thing. I am not complaining about the overkill when it comes to security though!

Chris Arsenault
Network Administrator
First Educators Credit Union
Microsoft Certified Systems Engineer
Microsoft Certified Trainer

-----Original Message-----
From: Bill Shaffer [mailto:billshaffer () smsd org]
Sent: Tuesday, January 15, 2002 8:53 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Running Win2K in Stealth Mode

1. How would one set up Windows 2K to run with no IP address? Is it just enough to uncheck TCP/IP under the NIC properties?
2. Is there a command line you should place in the snort.conf to make snort run in stealth mode?

Any info would be greatly appreciated!

Thanks,
Bill