Re: A better Linux based firewall installation?

2000-11-29 Thread Gilad Ben-Yossef
Omer Zak wrote: I have the following idea for a Linux based firewall, which will hopefully make it safer to connect a LAN to the Internet. Not a bad shot at all, but here are two suggestions for improvements: The first is to disable CD-ROM and HD completely and use the LRP(*1) distribution

RE: A better Linux based firewall installation?

2000-11-29 Thread
= -Original Message- From: Alex Shnitman [SMTP:[EMAIL PROTECTED]] Sent: Wednesday, 29 November 2000 13:44 To: Linux-IL mailing list Subject: Re: A better Linux based firewall installation? Hi, Gilad! On Wed, Nov 29, 2000 at 12:50:32PM +0200, you wrote the following: The second

Re: A better Linux based firewall installation?

2000-11-29 Thread Gilad Ben-Yossef
Alex Shnitman wrote: Hi, Gilad! On Wed, Nov 29, 2000 at 12:50:32PM +0200, you wrote the following: The second is to NOT configure your firewall as a router, but rather as a layer 2 bridge with IP firewalling rules(*2) and not give it an IP at all (bridges don't need to have an IP

Yngvi is a LOUSE! (was: Re: A better Linux based firewall installation?)

2000-11-29 Thread Gilad Ben-Yossef
Yngvi(*) wrote: Seems you can transparently define your external router IP ( ISP router ) sitting on the other side of your bridge/firewall as default gateway for all the protected machines. The bridge cares to provide you with ARP response for router's MAC. Right on the first sentence,

RE: Yngvi is a LOUSE! (was: Re: A better Linux based firewall installation?)

2000-11-29 Thread
SERVICES = = SUBSIDIARY OF MEKOROT WATER CO.LTD = -Original Message- From: Gilad Ben-Yossef [SMTP:[EMAIL PROTECTED]] Sent: Wednesday, 29 November 2000 16:37 To: ? ? Cc: IGLU Subject: Yngvi is a LOUSE! (was: Re: A better Linux based firewall

Re: A better Linux based firewall installation?

2000-11-29 Thread Ilya Konstantinov
On Wed, Nov 29, 2000 at 12:50:32PM +0200, Gilad Ben-Yossef wrote: Other methods of configuration could be very well added. How about attaching a GSM phone to the machine and accepting instruction only from SMS messages coming from a certain phone number. That's a rather insecure way, BTW.

Re: A better Linux based firewall installation?

2000-11-29 Thread Moshe Zadka
On Wed, 29 Nov 2000, Ilya Konstantinov wrote: On Wed, Nov 29, 2000 at 12:50:32PM +0200, Gilad Ben-Yossef wrote: Other methods of configuration could be very well added. How about attaching a GSM phone to the machine and accepting instruction only from SMS messages coming from a certain

Re: A better Linux based firewall installation?

2000-11-29 Thread Gilad Ben-Yossef
Ilya Konstantinov wrote: On Wed, Nov 29, 2000 at 12:50:32PM +0200, Gilad Ben-Yossef wrote: Other methods of configuration could be very well added. How about attaching a GSM phone to the machine and accepting instruction only from SMS messages coming from a certain phone number.

Re: A better Linux based firewall installation?

2000-11-29 Thread Aviram Jenik
Any attacker which is after your stuff and is able to penetrate a GSM exchange and send an unauthorized message without anyone noticing (remember that banks rely on the number as an ID good enough to identify you and divulge your account details on SMS) Hey... Gilad, I expected better from

Re: A better Linux based firewall installation?

2000-11-29 Thread Gilad Ben-Yossef
Aviram Jenik wrote: Any attacker which is after your stuff and is able to penetrate a GSM exchange and send an unauthorized message without anyone noticing (remember that banks rely on the number as an ID good enough to identify you and divulge your account details on SMS) Hey... Gilad,

A better Linux based firewall installation?

2000-11-28 Thread Omer Zak
I have the following idea for a Linux based firewall, which will hopefully make it safer to connect a LAN to the Internet. 1. The firewall will be a dedicated machine. 2. Its root filesystem and all software will be burned in a CD-ROM. The other filesystems (floppy and hard disk) will be

Re: A better Linux based firewall installation?

2000-11-28 Thread Ariel Biener
On Tue, 28 Nov 2000, Omer Zak wrote: 3. It will boot from a floppy disk (write-protected, of course) - as the PC on which I want to implement the idea is older and its BIOS does not know to boot directly from CD-ROM. Here you say write protected. 4. Any files, which may have to be

Re: A better Linux based firewall installation?

2000-11-28 Thread Aviram Jenik
I have the following idea for a Linux based firewall, which will hopefully make it safer to connect a LAN to the Internet. The idea is quite nice (not new, though :-). The question - did anyone already do something similar? Yes, I can say that I did (sort of). I can't really give

Re: A better Linux based firewall installation?

2000-11-28 Thread Ariel Biener
To achieve a perfectly secured system, follow the below algorithm: 1). Unplug computer from wall outlet. 2). Melt computer into a fish shaped piece of metal. 3). Paint blue. 4). Throw in the ocean. And he who understands will understand. --Ariel -- Ariel Biener e-mail: [EMAIL PROTECTED] PGP(6.5.8) public key

Re: A better Linux based firewall installation?

2000-11-28 Thread Guy Cohen
Omer Zak [EMAIL PROTECTED] wrote: The advantage is that even if the root is compromised, the cracker's ability to inflict actual damage will be limited. I may be missing something here, but once an attacker has root access to your firewall, what prevents her from modifying routing tables

Re: A better Linux based firewall installation?

2000-11-28 Thread Omer Zak
On Tue, 28 Nov 2000, Ariel Biener wrote: On Tue, 28 Nov 2000, Omer Zak wrote: 3. It will boot from a floppy disk (write-protected, of course) - as the PC on which I want to implement the idea is older and its BIOS does not know to boot directly from CD-ROM. Here you say write

Re: A better Linux based firewall installation?

2000-11-28 Thread Ariel Biener
On Tue, 28 Nov 2000, Omer Zak wrote: Omer dear, rebooting a firewall means stopping the service to your customer. Hardly the way to go. I can't imagine that every added rule to the firewall would require such an awkward procedure. Not to mention how reliable floppy diskettes are. --Ariel