Slashdot Mirror

← Back to Stories (view on slashdot.org)

Skip The IP Address

Posted by Hemos on from the who-needs-'em dept.

j0hnyb1423 writes "Have you ever wanted to be able to connect to that stackless Snort or Hogwash box without walking over to it and plugging in a monitor and keyboard? Well, at last here's your answer - noiptun. Yes, it requires an IP stack to be compiled into the kernel but no IP addresses necessary on the real interface(s). And if stealth IDS setups aren't your bag, then you can at least use it to browse /. without having an IP bound to your linux workstation."

6 of 24 comments (clear)

  1. Re:Is it just me.. by hbackert · · Score: 4, Informative

    Whats to stop an attacker connecting through the tunnel to the noip'd box?

    The box itself will stop such traffic (only if it's a known exploit though). The bad traffic usually comes from outside. The management and this tunnel is supposed to connect from the internal network. The problem with such bridging boxes is, they either don't have an IP address and are only administratable via the console or configurable via booting/floppy/CD, or they have another interface with a secure network to administer. Switches usually have a dedicated network for their administration. In the latter case, the box has an IP address. In all cases, administration is not supposed to be done via an in-band network connection.

    The whole point of this noiptun is to get rid of this extra interface which is usually needed to do some kind of administration.

  2. Re:Is it just me.. by SlashSpam · · Score: 2, Informative

    From the README of Noiptun:

    If you've been paying careful attention you will have noticed that there has been no mention of any mechanism to prevent the traffic from continuing on to its intended destination, i.e. the IP address the server was using to route the traffic to the client machine. The answer is that noiptun has no way to handle this issue and it must be dealt with through other means if deemed important enough. Some of the ways this can be solved is by creating an appopriate Hogwash or inline Snort rule to drop the traffic, using firewall rules to filter the traffic is also possible. Please note however that noiptun makes no attempt to deal with this issue whatsoever and it's up to you to make sure the traffic is dropped and doesn't waste unnecessary bandwidth.
    /Spam .
  3. Ummm.... VLANS... by MegaHamsterX · · Score: 2, Informative

    I haven't has a problem with VLANS in linux.
    Since all the addresses on the internal VLAN are non-routable you'd need a box with an external public ip address with one of the VLANS built to it from the switch as well as the internal VLAN to make a compromise, this should never happen.

    This seems kinda like a rigged situation, if you have an IDS you probably also have switches which support VLANS.

  4. Re:It's backwards client server by j0hnyb1423 · · Score: 4, Informative

    the machine running the client is usually assumed to be running on a bridge interface with no IP of its own. As such it won't be discarding any packets. As far as the naming scheme for client/server, there is actually a good reason why the IP-less side is running the client while the end connecting to it is called the server. When the project began, the idea was to be able to use one "server" to connect to many clients, this functionality isn't currently there and there is at the moment only a one-to-one possible relationship, but the naming scheme makes sense viewed from that angle.

  5. Re:It's backwards client server by ivan256 · · Score: 5, Informative

    What?

    The end that sits there passively waiting for someone to connect is called the "client", and the end you run when you want to talk is called the "server".

    That's not how X works, nor is the terminology backwards. In X, the resource that's being served is the terminal (the display and input devices). The server sits around waiting for the clients (applications) to connect to it.

    The problem is that you think server means remote and client means local, and that's just wrong; it's actually about who is providing resources and who is consuming them.

  6. Re:arp -s anybody? by j0hnyb1423 · · Score: 2, Informative

    I think my previous response gave the impression that noiptun and arp -s are in fact functionally similar. In fact, arp -s will NOT let you connect to a machine without an IP address. It will let you send packets to it, but the machine will not process them since the IP you're sending the packets to does not exist there.