HackFest Series: Firewall Building 101 April Lab 2nd Saturday Noon At UAT

Stephen cryptworks at gmail.com
Sun Mar 29 08:46:01 MST 2009


This is something I may just have to join....



On Sat, Mar 28, 2009 at 11:30 PM, mike havens <bmike1 at gmail.com> wrote:
> boooohoooo! I wish I could be there.
>
> On Sun, Mar 29, 2009 at 1:05 AM, Lisa Kachold <lisakachold at obnosis.com>
> wrote:
>>
>> Join us at UAT.edu as we build and play with Firewall ISO's in old boxen
>> with network cards.
>>
>> Just imagine the script kiddies surprise when your new Firewall retaliates
>> with a storm of SYN packets automagically rather than roll over like your
>> Linksys or Netgear did?
>>
>> Imagine being able to check snort logs and dump a big list of IPs directly
>> to a deny file without having to type them all into teensy little forms like
>> on the http://192.168.1.1/filters.htm screen!
>>
>> Addicted to the LinkSys/Netgear Wireless, or like the fast ethernet ports
>> and pretty blue and white LinkSys interface for setting up VPN's?
>>
>> You can set that device in place on the INSIDE of your Firewall of China!
>>
>> See you there!
>>
>> Obnosis | (503)754-4452
>> PLUG Linux Security Labs 2nd Saturday Each Month at Noon - 3PM
>>
>>
>> ________________________________
>> From: lisakachold at obnosis.com
>> To: plug-discuss at lists.plug.phoenix.az.us
>> Subject: RE: OT? Linux-based trojans now targeting WRT and other
>> linux-based routers
>> Date: Sun, 29 Mar 2009 04:09:13 +0000
>>
>> Yes, I was thinking about getting an ASA, but I like my gigabit 1000BaseT
>> connections, L2 vlan, VPN's, and I think you are correct that optimally, a
>> fast machine with 4 ethernet cards is going to be the direct solution in
>> line before that silly "LinkSys" arm processor IPS.
>>
>> I used to build custom linux firewalls in 1995 and drop them in for
>> businesses with a 2400 cisco, and I have built a few since (azwsx.com) so I
>> think I will take your advice - I have a fresh install FreeBSD box right
>> here, and a couple extra cards.
>>
>> Thanks for the great suggestion!
>>
>> Obnosis | (503)754-4452
>> PLUG Linux Security Labs 2nd Saturday Each Month at Noon - 3PM
>>
>> > Date: Sat, 28 Mar 2009 03:13:32 -0700
>> > From: technomage.hawke at gmail.com
>> > To: plug-discuss at lists.plug.phoenix.az.us
>> > Subject: Re: OT? Linux-based trojans now targeting WRT and other
>> > linux-based routers
>> >
>> > Lisa Kachold wrote:
>> > > Well, the sad fact is that _any_ machine will kick over and barf its
>> > > guts under distributed attacks; it just depends on what it does after the
>> > > green slime clears..
>> > > Also, it really helps if you run one that won't take WRT, or only runs
>> > > on an arm, with small memory therefore they aren't too hot to pwn you.
>> > > Linksys put out the source, whereupon I built my own, and played with the
>> > > features; you know kiddies are doing this also.
>> > >
>> > > Course, if you have a WRT-able router, it's a good idea to set it up
>> > > as a small linux system, but you have to know how to work it; starting by
>> > > iptable deny all of china is a good start.
>> > > I have had mine owned regularly; I just flash it again. Mine is easy
>> > > to determine, since it suddenly starts showing AIM ports open. Once they
>> > > target you successfully, they will insidiously continue to keep track of
>> > > you; rather like trophy hunting.
>> > > I could have done a complete defcon presentation on various routers by
>> > > this time.
>> > > That's why I always suggest to everyone, if you see something strange,
>> > > you see something strange, report it, complain, study it, rather than
>> > > continuing to agree with everyone in denial about the sad state of security.
>> > > Obnosis | (503)754-4452
>> > >
>> > >
>> > >
>> > >
>> > > PLUG Linux Security Labs 2nd Saturday Each Month at Noon - 3PM
>> > >
>> > Lisa (and others),
>> > I don't tend to generally trust the "commercial grade" devices
>> > available. They can't handle what I do with my home connection on a
>> > daily basis (and the last thing I want is some script kiddie pwning my
>> > router). I use OpenBSD here as my firewall machine (I have both a
>> > hardware version and vmware). I tend to keep close track on these and so
>> > far, neither have been "pwned" after nearly 5 years of continuous use. I
>> > used to use a linux firewall before that, but had problems with rootkits.
>> >
>> > Even with this, it still doesn't hurt to have a whole bevy of security
>> > tools at hand for "just in case" (like windows, linux, OS X, etc).
>> >
>> > ---------------------------------------------------
>> > PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> > To subscribe, unsubscribe, or to change your mail settings:
>> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>
>
>
> --
> :-)~MIKE~(-:
>



-- 
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen

