[Snort-users] Bothersome portscans and some conjecture

Dan Hollis goemon at ...20...
Mon Nov 20 15:21:03 EST 2000


On Mon, 20 Nov 2000, Todd Ransom wrote:
> On OpenBSD you bring up an interface with no ip address that will not ARP
> like this:
> ifconfig ep0 0.0.0.0 netmask 255.255.255.255 -arp

On linux, 'ifconfig eth1 up' is sufficient:

eth1      Link encap:Ethernet  HWaddr 00:20:78:11:88:7E
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:558479836 errors:0 dropped:4 overruns:0 frame:16
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:11 Base address:0x6100

As you can see, it's never transmitted a single packet. You can also see
it doesnt have any address associated with any protocol.

-Dan




More information about the Snort-users mailing list