HackFest Series: Firewall Building 101 April Lab 2nd Saturday Noon At UAT

mike havens bmike1 at gmail.com
Sat Mar 28 23:30:53 MST 2009


boooohoooo! I wish I could be there.

On Sun, Mar 29, 2009 at 1:05 AM, Lisa Kachold <lisakachold at obnosis.com> wrote:

> Join us at UAT.edu as we build and play with Firewall ISOs in old boxen
> with network cards.
>
> Just imagine the script kiddies' surprise when your new Firewall retaliates
> with a storm of SYN packets automagically rather than roll over like your
> Linksys or Netgear did?
>
> Imagine being able to check snort logs and dump a big list of IPs directly
> to a deny file without having to type them all into teensy little forms like
> on the http://192.168.1.1/filters.htm screen!
>
> Addicted to the LinkSys/Netgear Wireless, or like the fast ethernet ports
> and pretty blue and white LinkSys interface for setting up VPNs?
>
> You can set that device in place on the INSIDE of your Firewall of China!
>
> See you there!
>
> Obnosis <http://www.obnosis.com/> | (503)754-4452
> PLUG <http://http//plug.phoenix.az.us> Linux Security Labs <http://uat.edu/> 2nd Saturday Each Month at Noon - 3PM
>
>
> ------------------------------
> From: lisakachold at obnosis.com
> To: plug-discuss at lists.plug.phoenix.az.us
> Subject: RE: OT? Linux-based trojans now targeting WRT and other
> linux-based routers
> Date: Sun, 29 Mar 2009 04:09:13 +0000
>
> Yes, I was thinking about getting an ASA, but I like my gigabit 1000BaseT
> connections, L2 vlan, VPN's, and I think you are correct that optimally, a
> fast machine with 4 ethernet cards is going to be the direct solution in
> line before that silly "LinkSys" arm processor IPS.
>
> I used to build custom linux firewalls in 1995 and drop them in for
> businesses with a 2400 cisco, and I have built a few since (azwsx.com) so
> I think I will take your advice - I have a fresh install FreeBSD box right
> here, and a couple extra cards.
>
> Thanks for the great suggestion!
>
> Obnosis <http://www.obnosis.com/> | (503)754-4452
> PLUG <http://http//plug.phoenix.az.us> Linux Security Labs <http://uat.edu/> 2nd Saturday Each Month at Noon - 3PM
>
> > Date: Sat, 28 Mar 2009 03:13:32 -0700
> > From: technomage.hawke at gmail.com
> > To: plug-discuss at lists.plug.phoenix.az.us
> > Subject: Re: OT? Linux-based trojans now targeting WRT and other
> > linux-based routers
> >
> > Lisa Kachold wrote:
> > > Well, the sad fact is that _any_ machine will kick over and barf its
> > > guts under distributed attacks; it just depends on what it does after
> > > the green slime clears..
> > > Also, it really helps if you run one that won't take WRT, or only runs
> > > on an arm, with small memory therefore they aren't too hot to pwn you.
> > > Linksys put out the source, whereupon I built my own, and played with
> > > the features; you know kiddies are doing this also.
> > >
> > > Course, if you have a WRT-able router, it's a good idea to set it up as
> > > a small linux system, but you have to know how to work it; starting by
> > > iptable deny all of china is a good start.
> > > I have had mine owned regularly; I just flash it again. Mine is easy to
> > > determine, since it suddenly starts showing AIM ports open. Once they
> > > target you successfully, they will insidiously continue to keep track
> > > of you; rather like trophy hunting.
> > > I could have done a complete defcon presentation on various routers by
> > > this time.
> > > That's why I always suggest to everyone, if you see something strange,
> > > you see something strange, report it, complain, study it, rather than
> > > continuing to agree with everyone in denial about the sad state of
> > > security.
> > > Obnosis | (503)754-4452
> > >
> > >
> > >
> > >
> > > PLUG Linux Security Labs 2nd Saturday Each Month at Noon - 3PM
> > >
> > Lisa (and others),
> > I don't tend to generally trust the "commercial grade" devices
> > available. They can't handle what I do with my home connection on a
> > daily basis (and the last thing I want is some script kiddie pwning my
> > router). I use OpenBSD here as my firewall machine (I have both a
> > hardware version and vmware). I tend to keep close track on these and
> > so far, neither has been "pwned" after nearly 5 years of continuous use.
> > I used to use a Linux firewall before that, but had problems with
> > rootkits.
> >
> > Even with this, it still doesn't hurt to have a whole bevy of security
> > tools at hand for "just in case" (like Windows, Linux, OS X, etc).
> >
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>



-- 
:-)~MIKE~(-: