Yes, I was thinking about getting an ASA, but I like my gigabit 1000BaseT
connections, L2 VLAN, VPNs, and I think you are correct that optimally, a fast
machine with 4 ethernet cards is going to be the direct solution in line before
that silly "LinkSys" arm processor IPS.
I used to build custom Linux firewalls in 1995 and drop them in for businesses
with a 2400 Cisco, and I have built a few since (azwsx.com) so I think I will
take your advice - I have a fresh install FreeBSD box right here, and a couple
extra cards.
Thanks for the great suggestion!
Obnosis | (503)754-4452
PLUG Linux Security Labs 2nd Saturday Each mo...@noon - 3PM
> Date: Sat, 28 Mar 2009 03:13:32 -0700
> From: [email protected]
> To: [email protected]
> Subject: Re: OT? Linux-based trojans now targeting WRT and other linux-based
> routers
>
> Lisa Kachold wrote:
> > Well, the sad fact is that _any_ machine will kick over and barf its guts
> > under distributed attacks; it just depends on what it does after the green
> > slime clears..
> > Also, it really helps if you run one that won't take WRT, or only runs on
> > an arm, with small memory therefore they aren't too hot to pwn you.
> > Linksys put out the source, whereupon I built my own, and played with the
> > features; you know kiddies are doing this also.
> >
> > Course, if you have a WRT-able router, it's a good idea to set it up as a
> > small Linux system, but you have to know how to work it; starting by
> > iptable deny all of China is a good start.
> > I have had mine owned regularly; I just flash it again. Mine is easy to
> > determine, since it suddenly starts showing AIM ports open. Once they
> > target you successfully, they will insidiously continue to keep track of
> > you; rather like trophy hunting.
> > I could have done a complete defcon presentation on various routers by this
> > time.
> > That's why I always suggest to everyone, if you see something strange, you
> > see something strange, report it, complain, study it, rather than
> > continuing to agree with everyone in denial about the sad state of security.
> > Obnosis | (503)754-4452
> >
> > PLUG Linux Security Labs 2nd Saturday Each mo...@noon - 3PM
> >
> Lisa (and others),
> I don't tend to generally trust the "commercial grade" devices
> available. They can't handle what I do with my home connection on a
> daily basis (and the last thing I want is some script kiddie pwning my
> router). I use OpenBSD here as my firewall machine (I have both a hardware
> version and vmware). I tend to keep close track on these and so far, neither
> has been "pwned" after nearly 5 years of continuous use. I used to use a
> Linux firewall before that, but had problems with rootkits.
>
> Even with this, it still doesn't hurt to have a whole bevy of security
> tools at hand for "just in case" (like windows, linux, OS X, etc).
>
> ---------------------------------------------------
> PLUG-discuss mailing list - [email protected]
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss