Re: [pfSense-discussion] What about a Ramdisk?

2005-09-23 Thread Tommaso Di Donato
On 9/23/05, Chris Buechler <[EMAIL PROTECTED]> wrote:
> Should be, since you should employ egress filtering to let out nothing but HTTP and HTTPS from your LAN clients, if you even allow that much. In a corporate environment, at least. I drop everything outbound from all LAN clients (exceptio

Re: [pfSense-discussion] What about a Ramdisk?

2005-09-23 Thread Chris Buechler
Chris Buechler wrote: A Rossi wrote: Is viral content more likely to be transmitted via http, as opposed to the other protocols? Should be, since you should employ egress filtering to let out nothing but HTTP and HTTPS from your LAN clients, if you even allow that much. In a corporate en

Re: [pfSense-discussion] What about a Ramdisk?

2005-09-23 Thread Chris Buechler
A Rossi wrote: Is viral content more likely to be transmitted via http, as opposed to the other protocols? Should be, since you should employ egress filtering to let out nothing but HTTP and HTTPS from your LAN clients, if you even allow that much. In a corporate environment, at least. I d

Re: [pfSense-discussion] What about a Ramdisk?

2005-09-23 Thread A Rossi
Is viral content more likely to be transmitted via http, as opposed to the other protocols? I do not know, that is why I was suggesting scanning all packets.   - Original Message - From: Gary Buckmaster To: discussion@pfsense.com Sent: Friday, September 23, 2005 1:05

RE: [pfSense-discussion] What about a Ramdisk?

2005-09-23 Thread Gary Buckmaster
What he's talking about is using Squid and a redirector to check inbound http traffic for viral content. This is a reasonably simple, very effective solution. Your idea of capturing every single packet, scanning it for viral content and sending it on its way is not only not feasible, it's a

Re: [pfSense-discussion] What about a Ramdisk?

2005-09-23 Thread Tommaso Di Donato
I do not like this solution.. First, you do not have only to capture the packets, you have to reassemble them! Second, it is too much space-consuming. Third, in this way you are not able to stop infected traffic. No, please consider egress filtering. You cannot hope that a PC thinks instead of y

Re: [pfSense-discussion] block vs reject?

2005-09-23 Thread A Rossi
I've narrowed it down to 2 possible sites: http://www.auditmypc.com/ and https://www.grc.com/x/ne.dll?bh0bkyd2 - Original Message - From: "Chris Buechler" <[EMAIL PROTECTED]> To: Sent: Friday, September 23, 2005 12:54 PM Subject: Re: [pfSense-discussion] block vs reject? > never he

Re: [pfSense-discussion] What about a Ramdisk?

2005-09-23 Thread A Rossi
Is it possible that there's a packet sniffer (is that a real thing?) that could copy all traffic into that ramdisk for ClamAV to scan, as opposed to using Squid? (the problem with that would be that there's no way to stop the traffic if it is indeed infected AFAIK) Or do you need Squid to ini

Re: [pfSense-discussion] block vs reject?

2005-09-23 Thread Chris Buechler
never heard of any tests trying for that. maybe your ISP dropping some ports (135-139, 445, etc. are common) and rejecting them and it saw the unreachables as you connecting back? Hard telling, sounds like a buggy testing tool to me though. if you can recall what site it is, I'll check it ou

Re: [pfSense-discussion] block vs reject?

2005-09-23 Thread A Rossi
I have a question regarding this very subject. When I first used m0n0wall (yes, I know this is not m0n0wall, but just listen) I tested it with a bunch of those firewall testing sites, I passed all of them, but this one said that my firewall did a "counter-probe" or something that sounds similar. Ba

Re: [pfSense-discussion] block vs reject?

2005-09-23 Thread Chris Buechler
Matthew Lenz wrote: Just had a situation where a backend job was hanging because it couldn't get to an ip. the tcp connect just kinda hung and this particular software module had a really long timeout set. Is there a reason why for example there is a global block in pfsense as opposed to a glo

[pfSense-discussion] block vs reject?

2005-09-23 Thread Matthew Lenz
Just had a situation where a backend job was hanging because it couldn't get to an ip. the tcp connect just kinda hung and this particular software module had a really long timeout set. Is there a reason why for example there is a global block in pfsense as opposed to a global reject (which seems

Re: [pfSense-discussion] What about a Ramdisk?

2005-09-23 Thread Tommaso Di Donato
On 9/23/05, A Rossi <[EMAIL PROTECTED]> wrote:
> Does the AV scan all incoming packets or just websites? Could it obtain updates to keep it current?
I realized it with clamav. Basically, /etc/rc.bootup calls a custom function that creates a ramdisk. ClamAV uses it for scanning. The AV works b

Re: [pfSense-discussion] What about a Ramdisk?

2005-09-23 Thread Scott Ullrich
For this you would want a 2 sided approach. First you would want to set the maximum connections a second for the LAN rule to basically block the user if they reach a threshold. The second portion would be this package that is being spoken of but I have very little knowledge of what's going into i

Re: [pfSense-discussion] What about a Ramdisk?

2005-09-23 Thread A Rossi
Does the AV scan all incoming packets or just websites? Could it obtain updates to keep it current? And could it scan outgoing traffic from the LAN? (let's say that an XP computer on my network has blaster, and it tries sending blaster packets all across the LAN, and the net, would this scan

Re: [pfSense-discussion] What about a Ramdisk?

2005-09-23 Thread Alex Neuman
Tommaso Di Donato wrote: I am using a ramdisk in a hdd installation, because I am integrating an antivirus service. So, if someone is interested, I can send the code On 9/23/05, *Damien Dupertuis* <[EMAIL PROTECTED] > wrote: Well, I'm quite interested!!! bu

Re: [pfSense-discussion] What about a Ramdisk?

2005-09-23 Thread Damien Dupertuis
Well, in fact I do not have more specific questions... but it seems to be quite interesting... regards...
--- Tommaso Di Donato <[EMAIL PROTECTED]> wrote:
> Yes, it is working well... I am working on a way for transparent scanning incoming www traffic using squid+something (now I am t

Re: [pfSense-discussion] What about a Ramdisk?

2005-09-23 Thread Tommaso Di Donato
Yes, it is working well... I am working on a way for transparent scanning incoming www traffic using squid+something (now I am trying squidclam). I would like to tell you more, and also in a more "scientific" way, but I have to find the right redirector for squid, and then I will do all the tests

Re: [pfSense-discussion] What about a Ramdisk?

2005-09-23 Thread Damien Dupertuis
Tell us more, how does it work? Is it really efficient? an av on a firewall??? thanks...
--- Tommaso Di Donato <[EMAIL PROTECTED]> wrote:
> I am using a ramdisk in a hdd installation, because I am integrating an antivirus service. So, if someone is interested, I can send the code

Re: [pfSense-discussion] What about a Ramdisk?

2005-09-23 Thread Tommaso Di Donato
I am using a ramdisk in a hdd installation, because I am integrating an antivirus service. So, if someone is interested, I can send the code
On 9/23/05, Damien Dupertuis <[EMAIL PROTECTED]> wrote:
> Well, I'm quite interested!!! but totally unable to do it myself...

RE: [pfSense-discussion] What about a Ramdisk?

2005-09-23 Thread Damien Dupertuis
Well, I'm quite interested!!! but totally unable to do it myself...
--- A Rossi <[EMAIL PROTECTED]> wrote:
> What about having a ramdrive so that LiveCD users could install and test packages without needing an HDD as a future feature? Unless, to install packages, you need to reboot... t