boooohoooo! I wish I could be there.

On Sun, Mar 29, 2009 at 1:05 AM, Lisa Kachold wrote:

> Join us at UAT.edu as we build and play with Firewall ISO's in old boxen
> with network cards.
>
> Just imagine the script kiddies' surprise when your new Firewall retaliates
> with a storm of SYN packets automagically rather than roll over like your
> Linksys or Netgear did?
>
> Imagine being able to check snort logs and dump a big list of IPs directly
> to a deny file without having to type them all into teensy little forms like
> on the http://192.168.1.1/filters.htm screen!
>
> Addicted to the LinkSys/Netgear Wireless, or like the fast ethernet ports
> and pretty blue and white LinkSys interface for setting up VPN's?
>
> You can set that device in place on the INSIDE of your Firewall of China!
>
> See you there!
>
> Obnosis | (503)754-4452
> PLUG Linux Security Labs 2nd Saturday Each Month@Noon - 3PM
>
> ------------------------------
> From: lisakachold@obnosis.com
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: RE: OT? Linux-based trojans now targeting WRT and other
> linux-based routers
> Date: Sun, 29 Mar 2009 04:09:13 +0000
>
> Yes, I was thinking about getting an ASA, but I like my gigabit 1000BaseT
> connections, L2 vlan, VPN's, and I think you are correct that optimally, a
> fast machine with 4 ethernet cards is going to be the direct solution in
> line before that silly "LinkSys" arm processor IPS.
>
> I used to build custom linux firewalls in 1995 and drop them in for
> businesses with a 2400 cisco, and I have built a few since (azwsx.com) so
> I think I will take your advice - I have a fresh install FreeBSD box right
> here, and a couple extra cards.
>
> Thanks for the great suggestion!
>
> Obnosis | (503)754-4452
> PLUG Linux Security Labs 2nd Saturday Each Month@Noon - 3PM
>
> > Date: Sat, 28 Mar 2009 03:13:32 -0700
> > From: technomage.hawke@gmail.com
> > To: plug-discuss@lists.plug.phoenix.az.us
> > Subject: Re: OT? Linux-based trojans now targeting WRT and other
> > linux-based routers
> >
> > Lisa Kachold wrote:
> > > Well, the sad fact is that _any_ machine will kick over and barf its
> > > guts under distributed attacks; it just depends on what it does after
> > > the green slime clears..
> > > Also, it really helps if you run one that won't take WRT, or only runs
> > > on an arm, with small memory therefore they aren't too hot to pwn you.
> > > Linksys put out the source, whereupon I built my own, and played with
> > > the features; you know kiddies are doing this also.
> > >
> > > Course, if you have a WRT-able router, it's a good idea to set it up as
> > > a small linux system, but you have to know how to work it; starting by
> > > iptable deny all of china is a good start.
> > > I have had mine owned regularly; I just flash it again. Mine is easy to
> > > determine, since it suddenly starts showing AIM ports open. Once they
> > > target you successfully, they will insidiously continue to keep track
> > > of you; rather like trophy hunting.
> > > I could have done a complete defcon presentation on various routers by
> > > this time.
> > > That's why I always suggest to everyone, if you see something strange,
> > > you see something strange, report it, complain, study it, rather than
> > > continuing to agree with everyone in denial about the sad state of
> > > security.
> > > Obnosis | (503)754-4452
> > >
> > > PLUG Linux Security Labs 2nd Saturday Each Month@Noon - 3PM
> > >
> > Lisa (and others),
> > I don't tend to generally trust the "commercial grade" devices
> > available. They can't handle what I do with my home connection on a
> > daily basis
> > (and the last thing I want is some script kiddie pwning my router). I
> > use OpenBSD here as my firewall machine (I have both a hardware version
> > and vmware). I tend to keep close track on these and so far, neither
> > have been "pwned" after nearly 5 years of continuous use. I used to use a
> > linux firewall before that, but had problems with rootkits.
> >
> > Even with this, it still doesn't hurt to have a whole bevy of security
> > tools at hand for "just in case" (like windows, linux, OS X, etc).
> >
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

--
:-)~MIKE~(-: