So what you're saying is that dedicated router firewalls like Linksys with
custom firmware are not enough, or that they don't have enough resources to run
such software?
On May 28, 2011 3:21 PM, "Soren" <[email protected]> wrote:
> Duncan,
>
> I am sorry if I scared you, that was not at all my intention. Though I do
> understand the frustration you may feel about the subject, I don't believe
> in hiding things under the carpet. And, btw, my hat is white and will always
> be so. Not even a speeding nor parking ticket in my entire life, and there
> will never be so, period.
>
> The only picture I'm trying to paint is the present picture of where things
> are going. I had my own security business until about six years ago, plus
> I've done serious research in harmful internet traffic for about ten years.
> Enough to understand what is emerging, and what to look out for. These days
> I'm no longer 'cutting edge', though still following development closely.
>
> During the past six months or so, several new point-and-click exploit kits
> have evolved. With these kits, anyone can tailor their own backdoor, virus,
> or whatever is wanted. What's new about the recent kits of that kind is that
> some core functions/features that are universal for all operating systems
> are now attacked very aggressively. This includes Mac/BSD.
>
> The essence of my original suggestions is: keep your eyes open, and don't
> trust operating systems nor firewalls, use common sense instead of blind
> trust. Also, it's important to understand that keeping one's system/data
> safe is an ongoing process.
>
> If you want to set up a firewall/gateway, go ahead, and don't be frightened
> because it's new to you. All that is needed is an outdated system with
> 256 MB or more RAM, a 500+ MHz processor, and 2 NICs - one for Green (local
> network), and one for Red (internet), and a 2+ GB HDD/SD card/USB pen,
> depending on system and preferences.
>
> If you want to play with an easy firewall/gateway, get IPcop 1.4.20 (+
> update to 1.4.21), but don't use it for anything serious, as it's becoming
> sort of outdated. Safe enough for casual surfing, though. IPcop is very easy
> and intuitive to set up, and will give you a basic idea about the subject.
> Very good documentation, also. Don't be scared of playing around a bit, we
> all start somewhere. Btw, Intel NICs are nice, but Realtek's are cheap, and
> they work. Just make sure they are manufactured in Taiwan or Japan, not
> China (yes, this is a warning).
>
> What you instead *should* be scared of is the fact that in about two years
> from today, everyone who doesn't have just a slightly secure
> firewall/gateway setup will suffer the steep learning curve that comes from
> total exploitation. There are some very evil people out there that can't be
> reached or punished by civilized law enforcement.
>
> Also, this is a great opportunity to put some of the old, stashed-away
> hardware into good use, and play around, in the true hwg spirit.
>
> hth
>
> DSinc wrote:
>> Soren,
>> Nice share. But, still you continue to paint a very bleak picture.
>> I'd like to think I have some grasp of this, but, I do not.
>> I feel incapable of constructing most of your suggestions.
>> Any/all reformats suck! I get this one.
>> Again, nice share........ :)
>> If I was much smarter, I might suspect that you might be a
>> Gray-Hat sorta folk. JMHO.
>> Live well. You scare me.
>> Duncan
>>
>>
>> On 05/28/2011 03:14, Soren wrote:
>>> Hello,
>>>
>>> A few words about the effects of virus infections.
>>>
>>> First, the viruses of today very often contain hidden backdoors.
>>>
>>> Back in 'the good old days', a virus was terminated completely by a
>>> reformat. Not so anymore, unfortunately. These days, a complete HDD
>>> wipe is mandatory.
>>>
>>> Please beware that the wipe schemes in proggies like DBAN, and so
>>> forth, only follow a wipe standard that conforms to portable media,
>>> like USB pendrives. The Gutmann 35x wipe is still the only secure wipe
>>> of a HDD. Also, the drive has to be connected directly to a HDD
>>> controller, and not only via USB. Always check the drive situation with
>>> fdisk.
>>>
>>> Today most vira also contain either a rootkit or a backdoor trojan,
>>> or both. Say hello to exploits of the NTFS/ext3+ secondary data
>>> streams in combination with Hyper Threading (that transport exactly
>>> secondary data streams). An almost ideal environment for a virus
>>> programmer.
>>>
>>> A *very* good way to avoid most Windows vira is to set up a *nix
>>> gateway containing a web proxy. This form of gateway will filter out
>>> about 95-99 pct. of all Windows malware, vira, rootkits, and other
>>> unwanted stuff. Some *nix gateways also include an option for a full
>>> IPS (Intrusion Prevention System), if one has the hardware to match.
>>>
>>> The system for installing such an appliance is very much one of the
>>> cheap Atom solutions, with Hyper Threading DISabled, that is. There are
>>> still a few Asus/AsRock boards with both ATA and SATA available
>>> (future upgrades), and with a built-in GPU, NIC, and two different
>>> controllers, all for the price of a 4GB RAM stick...
>>>
>>> Some of these appliances can run from an SD card (mechanical write
>>> protection!), or from a USB pendrive, even as boot. This enables a
>>> fairly noise-free environment, if combined with a mini-ITX case with a
>>> passive PSU - a US company produces some pretty awesome passive PSUs.
>>>
>>> hth
>>>
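For anyone wanting to see what the two-NIC Green/Red gateway with a filtering web proxy that Soren describes actually looks like in rules, here is an added example (mine, not from the thread or from IPcop): a minimal iptables ruleset that denies everything arriving on Red, forwards Green to Red only, masquerades Green behind Red, and pushes Green's HTTP through a local proxy. The interface names, the LAN range and the proxy port are assumptions passed in as arguments (3128 is Squid's default port).

```shell
#!/bin/sh
# Added example, not from the thread: a minimal "Green/Red" gateway ruleset in
# IPcop's naming. Arguments (all assumptions): Green interface, Red interface,
# Green LAN range, local web-proxy port.  Usage: apply_rules eth0 eth1 192.168.1.0/24 3128

gateway_rules() {
    green_if=$1; red_if=$2; green_net=$3; proxy_port=$4
    cat <<EOF
iptables -F; iptables -t nat -F
# Default deny: nothing enters or transits the box unless allowed below.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# Replies to connections the gateway or the LAN started are allowed back in.
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Green hosts may talk to the gateway itself (admin UI, DNS, proxy); Red may not.
iptables -A INPUT -i $green_if -s $green_net -j ACCEPT
# Green -> Red forwarding only; nothing from Red may initiate towards Green.
iptables -A FORWARD -i $green_if -o $red_if -s $green_net -j ACCEPT
# Hide Green addresses behind the Red interface.
iptables -t nat -A POSTROUTING -o $red_if -s $green_net -j MASQUERADE
# Transparent web proxy: Green's port-80 traffic goes through the local filtering proxy.
iptables -t nat -A PREROUTING -i $green_if -p tcp --dport 80 -j REDIRECT --to-ports $proxy_port
# Log (rate-limited) what Red tries to start, so inbound attempts are visible in syslog.
iptables -A INPUT -i $red_if -m limit --limit 5/min -j LOG --log-prefix "RED-DROP: "
EOF
}

# Apply only when root and iptables are available; otherwise just print the
# rules so they can be reviewed on any machine.
apply_rules() {
    if [ "$(id -u)" = 0 ] && command -v iptables >/dev/null 2>&1; then
        sysctl -w net.ipv4.ip_forward=1
        gateway_rules "$@" | sh -e
    else
        gateway_rules "$@"
    fi
}
```

Note that this only covers IPv4; if the Red side hands out IPv6, the same default-deny has to be repeated with ip6tables or the box is open on that side.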