Re: HackFest Series: Firewall Building 101 April Lab 2nd Sat…

Author: Stephen
Date:  
To: Main PLUG discussion list
Subject: Re: HackFest Series: Firewall Building 101 April Lab 2nd Saturday Noon At UAT
This is something I may just have to join....



On Sat, Mar 28, 2009 at 11:30 PM, mike havens <> wrote:
> boooohoooo! I wish I could be there.
>
> On Sun, Mar 29, 2009 at 1:05 AM, Lisa Kachold <>
> wrote:
>>
>> Join us at UAT.edu as we build and play with Firewall ISOs in old boxen
>> with network cards.
>>
>> Just imagine the script kiddies' surprise when your new Firewall retaliates
>> with a storm of SYN packets automagically rather than roll over like your
>> Linksys or Netgear did?
>>
>> Imagine being able to check snort logs and dump a big list of IPs directly
>> to a deny file without having to type them all into teensy little forms like
>> on the http://192.168.1.1/filters.htm screen!
>>
>> Addicted to the LinkSys/Netgear Wireless, or like the fast ethernet ports
>> and pretty blue and white LinkSys interface for setting up VPNs?
>>
>> You can set that device in place on the INSIDE of your Firewall of China!
>>
>> See you there!
>>
>> Obnosis | (503)754-4452
>> PLUG Linux Security Labs 2nd Saturday Each Month@Noon - 3PM
>>
>>
>> ________________________________
>> From:
>> To:
>> Subject: RE: OT? Linux-based trojans now targeting WRT and other
>> linux-based routers
>> Date: Sun, 29 Mar 2009 04:09:13 +0000
>>
>> Yes, I was thinking about getting an ASA, but I like my gigabit 1000BaseT
>> connections, L2 vlan, VPNs, and I think you are correct that optimally, a
>> fast machine with 4 ethernet cards is going to be the direct solution in
>> line before that silly "LinkSys" arm processor IPS.
>>
>> I used to build custom linux firewalls in 1995 and drop them in for
>> businesses with a 2400 cisco, and I have built a few since (azwsx.com) so I
>> think I will take your advice - I have a fresh install FreeBSD box right
>> here, and a couple extra cards.
>>
>> Thanks for the great suggestion!
>>
>> Obnosis | (503)754-4452
>> PLUG Linux Security Labs 2nd Saturday Each Month@Noon - 3PM
>>
>> > Date: Sat, 28 Mar 2009 03:13:32 -0700
>> > From:
>> > To:
>> > Subject: Re: OT? Linux-based trojans now targeting WRT and other
>> > linux-based routers
>> >
>> > Lisa Kachold wrote:
>> > > Well, the sad fact is that _any_ machine will kick over and barf its
>> > > guts under distributed attacks; it just depends on what it does after the
>> > > green slime clears..
>> > > Also, it really helps if you run one that won't take WRT, or only runs
>> > > on an arm, with small memory therefore they aren't too hot to pwn you.
>> > > Linksys put out the source, whereupon I built my own, and played with the
>> > > features; you know kiddies are doing this also.
>> > >
>> > > Course, if you have a WRT-able router, it's a good idea to set it up
>> > > as a small linux system, but you have to know how to work it; starting by
>> > > iptable deny all of China is a good start.
>> > > I have had mine owned regularly; I just flash it again. Mine is easy
>> > > to determine, since it suddenly starts showing AIM ports open. Once they
>> > > target you successfully, they will insidiously continue to keep track of
>> > > you; rather like trophy hunting.
>> > > I could have done a complete defcon presentation on various routers by
>> > > this time.
>> > > That's why I always suggest to everyone, if you see something strange,
>> > > report it, complain, study it, rather than
>> > > continuing to agree with everyone in denial about the sad state of security.
>> > > Obnosis | (503)754-4452
>> > >
>> > >
>> > >
>> > >
>> > > PLUG Linux Security Labs 2nd Saturday Each Month@Noon - 3PM
>> > >
>> > Lisa (and others),
>> > I don't tend to generally trust the "commercial grade" devices
>> > available. They can't handle what I do with my home connection on a
>> > daily basis (and the last thing I want is some script kiddie pwning my
>> > router). I use OpenBSD here as my firewall machine (I have both a
>> > hardware version and vmware). I tend to keep close track on these and so
>> > far, neither have been "pwned" after nearly 5 years of continuous use. I
>> > used to use a linux firewall before that, but had problems with rootkits.
>> >
>> > Even with this, it still doesn't hurt to have a whole bevy of security
>> > tools at hand for "just in case" (like windows, linux, OS X, etc).
>> >
>> > ---------------------------------------------------
>> > PLUG-discuss mailing list -
>> > To subscribe, unsubscribe, or to change your mail settings:
>> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>
>
>
> --
> :-)~MIKE~(-:
>
>




--
A mouse trap, placed on top of your alarm clock, will prevent you from
rolling over and going back to sleep after you hit the snooze button.

Stephen