Re: [Nolug] Joey's Network Info

From: Joey Kelly <>
Date: Mon, 17 Dec 2001 21:58:01 +0000
Message-Id: <01121721580114.01203@rahab>

I don't know what OpenBSD is doing these days, but if you want ipfiler, there
is the main site, which I found linked on the page:

and a totally incredible howto:

Freesco is neat, I use it, as do half the noluggers, I suppose. I have the
netbsd firewall project ( running at a location. The
packaged deal is more that adequate, with pre-written rules and configured to
be secure, a plug-and-play operation, even easier than freesco. However,
putting that up will not teach you anything about BSD, really. I wanted to
take the time to learn more about BSD, so I put up a regular install of
NetBSD, and built the firewall from scratch. I learned a lot going though the
docs and doing things myself.

I haven't gone through the entire howto yet, but I gleaned enough to make my
stuff fairly secure. What I can tell you, though, is that the howto takes
standard packet filtering theory, and applies it to ipfilter, step by step.
I've seen the same stuff in a book written for ipchains, which I read
half-way through.

As far as the network diagram goes, I changed a few things here and there
since I drew it up last spring. The basic layout is the same, but I have less
machines than planned, and my workstation no longer boots to That Other
Operating System. My wife's box has become my server, and she has a dedicated
winbox (ugh, not my choice).


Thou spake:
>Speaking of firewalls. I am thinking of trying freesco but perhaps I would
>also like to take a good luck at openbsd 3.0. What kind of example scripts
>can I look at (in ipchains/tables and ipf/pf format) to get an idea ahead of
>time of what I can tweak?
>On Monday 17 December 2001 19:40, you wrote:
>> Why do you think this is so bad? It's obvious he meant it to be publically
>> available. It doesn't give an attacker anything useful. And it's nott
>> like this lan is anything atypical with some intriguing back door. There
>> are only two ways in:
>> 1) through his netbsd firewall. You don't need an image of the LAN to
>> discover he's running a netbsd firewall. If there's a bug in NetBSD
>> that's exploitable, it'l be exploited if he doesn't plug it first.
>> And once an attacker's in, there's no mystery to discovering the other
>> PCs (if they're even interested in the internal LAN.
>> 2) sitting at a terminal in his house.
>> On Mon, Dec 17, 2001 at 03:44:36PM -0800, Bryant Stewart wrote:
>> > Hey Joey,
>> >
>> >
>> >
>> > Do you think that you should leak this critical
>> > information onto the net?? Someone here might get
>> > board on a Friday night and start to have a bit of
>> > fun...
>> >
>> > Bryant Stewart
>> >
>> > __________________________________________________
>> > Do You Yahoo!?
>> > Check out Yahoo! Shopping and Yahoo! Auctions for all of
>> > your unique holiday gifts! Buy at
>> > or bid at
>> > ___________________
>> > Nolug mailing list
>> >

Joey Kelly
< Minister of the Gospel | Computer Networking Consultant >
"When Government fears the people, it's liberty.
When people fear the Government, it's tyranny."
-- Benjamin Franklin
Nolug mailing list
Received on 12/17/01

This archive was generated by hypermail 2.2.0 : 12/19/08 EST