[EMAIL PROTECTED] wrote:
> Setup:
> Home LAN with principal desktop machine running Gentoo. Three other machines running WinXP that are a trio of video and sound
> editing machines.  And finally my wife's WinXP machine in another room.
> All connected by Gigabit LAN through a netgear FVP318 router/firewall.

> I want to begin scanning through the traffic that bounces off my
> router/firewall.

> The router logs themselves are in a bad, cumbersome format.  And if I
> use an available option to output them to a LAN system logger the
> information is greatly truncated and nearly useless.

> Router logs can be emailed but again they are cumbersome and clunky.
> That's how I currently look through them.

> So cutting to the chase, I don't want to even mess around with those
> methods.  Been there, done that... didn't like it.

> The router has an option to route traffic to a DMZ machine.  In the
> past when I got this same urge 2 or so years ago I set up an OpenBSD
> OS on an older PC.  Buttoned it down with what little I knew to do and had
> lots of fun with incoming traffic.... I mean just studying and being
> amazed etc.
> I want to do that again but don't have that old machine anymore and
> don't want the unfamiliar hassle of relearning whatever I knew about
> OpenBSD.

> I don't want the hassle of hardening my main desktop... preferring to
> keep it pretty loose behind the firewall, running a LAN webserver and
> the like.

> I wondered if any of the security buffs here could tell me if a vmware
> gentoo guest running on one of the WinXP boxes could be set up to have
> an independent tap on the firewall as DMZ and not be offering every
> hack whiz out there a shot at my home LAN.

> As I remember you can set up vmware with its own network address, not
> sharing its host's address to some degree.

Yes, vmware allows you to run it in bridged mode for networking. This means that while you just have the one physical network card, it appears from the point of view of the rest of the network to be two devices, with different MAC addresses and IP addresses.

> But I wondered... since any traffic is really going through that WinXP
> host's NIC one way or another, if it would be as safe as a truly
> independent host with its own ethernet wire to the router (which is
> switched).

I'm not a security expert, but my gut feeling here is that it *should* be fine. The windows host should never really "see" the traffic beyond the driver level, I suspect, as the driver will see the packet has a different MAC address on it and pass it to vmware to deal with. Of course that's not to say some specially crafted packet couldn't exist to break this. Or that if they can exploit your vmware machine, they might somehow from there exploit vmware itself and then execute code on the windows machine. Depends how paranoid you want to be...

> Would I likely be opening my LAN up for some Christmas shopping by
> having a gentoo guest on a WinXP host running as a DMZ machine?
> It would be pretty barebones with an iptables setup for logging and
> tagging or whatever I get interested in doing with the traffic.

> No X server or other frills.

Just to make sure here, the only traffic that is going to arrive at the DMZ host will be inbound packets that aren't routed to another host (due to port forwarding or PnP rules). Traffic between the other machines and the internet will NEVER be seen, since it will travel from that machine straight to the router, and return packets will go straight back to that machine, not the DMZ system.

If all you're wanting to do is see what people are doorknocking on your system (like the people that keep trying to guess passwords for my ssh server), then this should work.

Shawn
--
[EMAIL PROTECTED] mailing list
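As an added illustration of the "barebones iptables setup for logging" the poster describes, and of Shawn's point that the DMZ guest should only ever receive unforwarded inbound packets: this is example code written for this page, not something from the thread. It prints a minimal default-deny ruleset with a rate-limited LOG rule for the guest, and then summarises kernel LOG lines the way you would when checking who is doorknocking. The log lines, the hostname `dmz`, the interface `eth0`, the prefix `DMZ-IN:` and the address 192.168.1.50 for the guest are all constructed assumptions.

```bash
#!/bin/sh
# Added example (not from the original thread). POSIX sh + awk only.

# Print (do not run) a default-deny INPUT policy for the DMZ guest that logs
# every new inbound connection attempt, rate-limited so a flood cannot fill
# the disk. Review the output, then run it as root on the guest.
dmz_log_rules() {
  cat <<'EOF'
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -m limit --limit 10/min --limit-burst 20 -j LOG --log-prefix "DMZ-IN: " --log-level 4
EOF
}

# Constructed sample of what the LOG rule above writes to the kernel log.
# Sources are documentation addresses; the guest itself is 192.168.1.50.
SAMPLE_LOG='Dec 12 03:14:01 dmz kernel: DMZ-IN: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:09:5b:11:22:33:08:00 SRC=198.51.100.7 DST=192.168.1.50 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1234 DF PROTO=TCP SPT=45122 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 12 03:14:03 dmz kernel: DMZ-IN: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:09:5b:11:22:33:08:00 SRC=198.51.100.7 DST=192.168.1.50 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1235 DF PROTO=TCP SPT=45123 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 12 03:14:09 dmz kernel: DMZ-IN: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:09:5b:11:22:33:08:00 SRC=198.51.100.7 DST=192.168.1.50 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=1240 DF PROTO=TCP SPT=45130 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 12 03:20:41 dmz kernel: DMZ-IN: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:09:5b:11:22:33:08:00 SRC=203.0.113.9 DST=192.168.1.50 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=777 DF PROTO=TCP SPT=51002 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 12 03:31:17 dmz kernel: DMZ-IN: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:09:5b:11:22:33:08:00 SRC=203.0.113.44 DST=192.168.1.50 LEN=404 TOS=0x00 PREC=0x00 TTL=113 ID=9001 PROTO=UDP SPT=1025 DPT=1434 LEN=384
Dec 12 03:31:20 dmz kernel: DMZ-IN: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:09:5b:11:22:33:08:00 SRC=203.0.113.44 DST=192.168.1.50 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=9002 DF PROTO=TCP SPT=3201 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0'

# Read LOG lines on stdin; print "<count> <PROTO>/<DPT>", most-hit first.
dmz_top_ports() {
  awk '
    /DMZ-IN:/ {
      proto = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^PROTO=/) proto = substr($i, 7)
        if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
      }
      if (dpt != "") hits[proto "/" dpt]++
    }
    END { for (k in hits) print hits[k], k }
  ' | sort -k1,1nr -k2,2
}

# Read LOG lines on stdin; print "<count> <SRC>", noisiest source first.
dmz_top_sources() {
  awk '
    /DMZ-IN:/ {
      for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) hits[substr($i, 5)]++
    }
    END { for (k in hits) print hits[k], k }
  ' | sort -k1,1nr -k2,2
}

# $1 = the guest's own address. Count logged packets addressed to any other
# host. If the router really isolates the DMZ (as Shawn describes), this
# stays 0; anything else means LAN traffic is reaching the guest.
dmz_foreign_dst() {
  awk -v me="$1" '
    /DMZ-IN:/ {
      for (i = 1; i <= NF; i++) if ($i ~ /^DST=/ && substr($i, 5) != me) n++
    }
    END { print n + 0 }
  '
}

# Demo over the constructed sample.
echo "== ports =="
printf '%s\n' "$SAMPLE_LOG" | dmz_top_ports
echo "== sources =="
printf '%s\n' "$SAMPLE_LOG" | dmz_top_sources
echo "== packets not addressed to the DMZ guest =="
printf '%s\n' "$SAMPLE_LOG" | dmz_foreign_dst 192.168.1.50
```

On a real guest, feed the functions from `dmesg` or `/var/log/messages` (`grep 'DMZ-IN:' /var/log/messages | dmz_top_ports`). The `dmz_foreign_dst` check is the one worth keeping around: it tests the assumption that the DMZ tap only sees packets the router could not match to a forwarding rule.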
