Gene Lee wrote:
> The current problem is that I need to make sure there is no leakage of
> internal traffic through the Internet NIC. I also need to be assured that
> the NIC does not inadvertently respond to broadcast traffic despite it not
> having an IP address. Does anyone know of any way anyone can make this box
> respond from the Internet using my configuration? Any other hardening
> techniques to make this more secure in this temporary configuration?

Set the IP address and broadcast address to clearly bogus addresses
for the link in question.  Set up the routers to drop all packets from
the address range you used for those bogus addresses.  I'd use 10.net
addresses if they aren't in use elsewhere or one of the other
non-routed subnets.

As an alternative idea you can hack the OpenBSD network driver code to
remove send ability for that NIC.  I did this under Linux.  This is why
I love open source.


-- 
|  Bryan Andersen   |   [EMAIL PROTECTED]   |   http://softail.visi.com   |
| Buzzwords are like annoying little flies that deserve to be swatted. |
|   -Bryan Andersen                                                    |
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
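
An added example, not part of the original message: a small audit of the plan described in the reply, checking that the bogus address and broadcast sit in a non-routed range, are covered by a router drop rule and are not in use elsewhere, and that no frame seen on the Internet-side segment came from the NIC. The addresses, MACs, capture records and function names are constructed for illustration.

```python
import ipaddress

# Non-routed (RFC 1918) ranges; the reply suggests 10.net or one of the others.
NON_ROUTED = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit_bogus_config(address, broadcast, router_drop_nets, in_use_nets=()):
    """Return a list of problems with the bogus address plan (empty means OK)."""
    drops = [ipaddress.ip_network(n) for n in router_drop_nets]
    used = [ipaddress.ip_network(n) for n in in_use_nets]
    problems = []
    for label, value in (("address", address), ("broadcast", broadcast)):
        ip = ipaddress.ip_address(value)
        if not any(ip in n for n in NON_ROUTED):
            problems.append(f"{label} {ip} is not in a non-routed range")
        if not any(ip in n for n in drops):
            problems.append(f"{label} {ip} is not covered by a router drop rule")
        if any(ip in n for n in used):
            problems.append(f"{label} {ip} falls in a range in use elsewhere")
    return problems

def leaked_frames(frames, nic_mac):
    """Frames captured on the Internet-side wire whose source MAC is our NIC."""
    return [f for f in frames if f["src_mac"].lower() == nic_mac.lower()]

# Constructed sample data: the NIC's MAC and two records from a tap on the
# Internet-side segment (documentation-range MACs and addresses).
NIC_MAC = "00:00:5E:00:53:AA"
CAPTURE = [
    {"src_mac": "00:00:5e:00:53:01", "src_ip": "198.51.100.7"},   # upstream router
    {"src_mac": "00:00:5e:00:53:aa", "src_ip": "10.254.254.1"},   # our NIC: a leak
]

if __name__ == "__main__":
    for p in audit_bogus_config("10.254.254.1", "10.254.254.3", ["10.0.0.0/8"]):
        print("config problem:", p)
    for f in leaked_frames(CAPTURE, NIC_MAC):
        print("leak: frame sent by monitored NIC, source IP", f["src_ip"])
```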
