This is something I may just have to join....

On Sat, Mar 28, 2009 at 11:30 PM, mike havens wrote:
> boooohoooo! I wish I could be there.
>
> On Sun, Mar 29, 2009 at 1:05 AM, Lisa Kachold wrote:
>>
>> Join us at UAT.edu as we build and play with Firewall ISO's in old boxen
>> with network cards.
>>
>> Just imagine the script kiddies' surprise when your new Firewall retaliates
>> with a storm of SYN packets automagically rather than roll over like your
>> Linksys or Netgear did?
>>
>> Imagine being able to check snort logs and dump a big list of IPs directly
>> to a deny file without having to type them all into teensy little forms like
>> on the http://192.168.1.1/filters.htm screen!
>>
>> Addicted to the LinkSys/Netgear Wireless, or like the fast ethernet ports
>> and pretty blue and white LinkSys interface for setting up VPN's?
>>
>> You can set that device in place on the INSIDE of your Firewall of China!
>>
>> See you there!
>>
>> Obnosis | (503)754-4452
>> PLUG Linux Security Labs 2nd Saturday Each Month@Noon - 3PM
>>
>> ________________________________
>> From: lisakachold@obnosis.com
>> To: plug-discuss@lists.plug.phoenix.az.us
>> Subject: RE: OT? Linux-based trojans now targeting WRT and other
>> linux-based routers
>> Date: Sun, 29 Mar 2009 04:09:13 +0000
>>
>> Yes, I was thinking about getting an ASA, but I like my gigabit 1000BaseT
>> connections, L2 vlan, VPN's, and I think you are correct that optimally, a
>> fast machine with 4 ethernet cards is going to be the direct solution in
>> line before that silly "LinkSys" arm processor IPS.
>>
>> I used to build custom linux firewalls in 1995 and drop them in for
>> businesses with a 2400 cisco, and I have built a few since (azwsx.com) so I
>> think I will take your advice - I have a fresh install FreeBSD box right
>> here, and a couple extra cards.
>>
>> Thanks for the great suggestion!
>>
>> Obnosis | (503)754-4452
>> PLUG Linux Security Labs 2nd Saturday Each Month@Noon - 3PM
>>
>> > Date: Sat, 28 Mar 2009 03:13:32 -0700
>> > From: technomage.hawke@gmail.com
>> > To: plug-discuss@lists.plug.phoenix.az.us
>> > Subject: Re: OT? Linux-based trojans now targeting WRT and other
>> > linux-based routers
>> >
>> > Lisa Kachold wrote:
>> > > Well, the sad fact is that _any_ machine will kick over and barf its
>> > > guts under distributed attacks; it just depends on what it does after the
>> > > green slime clears..
>> > > Also, it really helps if you run one that won't take WRT, or only runs
>> > > on an arm, with small memory therefore they aren't too hot to pwn you.
>> > > Linksys put out the source, whereupon I built my own, and played with the
>> > > features; you know kiddies are doing this also.
>> > >
>> > > Course, if you have a WRT-able router, it's a good idea to set it up
>> > > as a small linux system, but you have to know how to work it; starting by
>> > > iptable deny all of china is a good start.
>> > > I have had mine owned regularly; I just flash it again. Mine is easy
>> > > to determine, since it suddenly starts showing AIM ports open. Once they
>> > > target you successfully, they will insidiously continue to keep track of
>> > > you; rather like trophy hunting.
>> > > I could have done a complete defcon presentation on various routers by
>> > > this time.
>> > > That's why I always suggest to everyone, if you see something strange,
>> > > report it, complain, study it, rather than
>> > > continuing to agree with everyone in denial about the sad state of security.
>> > > Obnosis | (503)754-4452
>> > >
>> > > PLUG Linux Security Labs 2nd Saturday Each Month@Noon - 3PM
>> > >
>> > Lisa (and others),
>> > I don't tend to generally trust the "commercial grade" devices
>> > available.
>> > they can't handle what I do with my home connection on a
>> > daily basis
>> > (and the last thing I want is some script kiddie pwning my router). I
>> > use OpenBSD here as my firewall machine (I have both a hardware version
>> > and vmware). I tend to keep close track on these and so far, neither
>> > have been "pwned" after nearly 5 years of continuous use. I used to use a
>> > linux firewall before that, but had problems with rootkits.
>> >
>> > Even with this, it still doesn't hurt to have a whole bevy of security
>> > tools at hand for "just in case" (like windows, linux, OS X, etc).
>> >
>> > ---------------------------------------------------
>> > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> > To subscribe, unsubscribe, or to change your mail settings:
>> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
> --
> :-)~MIKE~(-:
>
--
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.
Stephen