-- Joey Kelly < Minister of the Gospel | Computer Networking Consultant > http://joeykelly.dhs.org "When Government fears the people, it's liberty. When people fear the Government, it's tyranny." -- Benjamin Franklin
attached mail follows:
Hey Joey,
http://joeykelly.dhs.org/goodies/Codifer_LAN.gif
Do you think that you should leak this critical
information onto the net?? Someone here might get
board on a Friday night and start to have a bit of
fun...
Bryant Stewart
__________________________________________________
Do You Yahoo!?
Check out Yahoo! Shopping and Yahoo! Auctions for all of
your unique holiday gifts! Buy at http://shopping.yahoo.com
or bid at http://auctions.yahoo.com
___________________
Nolug mailing list
nolug@nolug.org
attached mail follows:
Why do you think this is so bad? It's obvious he meant it to be publically
available. It doesn't give an attacker anything useful. And it's nott
like this lan is anything atypical with some intriguing back door. There
are only two ways in:
1) through his netbsd firewall. You don't need an image of the LAN to
discover he's running a netbsd firewall. If there's a bug in NetBSD
that's exploitable, it'l be exploited if he doesn't plug it first.
And once an attacker's in, there's no mystery to discovering the other
PCs (if they're even interested in the internal LAN.
2) sitting at a terminal in his house.
On Mon, Dec 17, 2001 at 03:44:36PM -0800, Bryant Stewart wrote:
> Hey Joey,
>
> http://joeykelly.dhs.org/goodies/Codifer_LAN.gif
>
> Do you think that you should leak this critical
> information onto the net?? Someone here might get
> board on a Friday night and start to have a bit of
> fun...
>
> Bryant Stewart
>
> __________________________________________________
> Do You Yahoo!?
> Check out Yahoo! Shopping and Yahoo! Auctions for all of
> your unique holiday gifts! Buy at http://shopping.yahoo.com
> or bid at http://auctions.yahoo.com
> ___________________
> Nolug mailing list
> nolug@nolug.org
-- Scott Harney<scotth@scottharney.com> PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63 ___________________ Nolug mailing list nolug@nolug.org
attached mail follows:
Speaking of firewalls. I am thinking of trying freesco but perhaps I would
also like to take a good luck at openbsd 3.0. What kind of example scripts
can I look at (in ipchains/tables and ipf/pf format) to get an idea ahead of
time of what I can tweak?
Thanks,
ml
On Monday 17 December 2001 19:40, you wrote:
> Why do you think this is so bad? It's obvious he meant it to be publically
> available. It doesn't give an attacker anything useful. And it's nott
> like this lan is anything atypical with some intriguing back door. There
> are only two ways in:
> 1) through his netbsd firewall. You don't need an image of the LAN to
> discover he's running a netbsd firewall. If there's a bug in NetBSD
> that's exploitable, it'l be exploited if he doesn't plug it first.
> And once an attacker's in, there's no mystery to discovering the other
> PCs (if they're even interested in the internal LAN.
> 2) sitting at a terminal in his house.
>
> On Mon, Dec 17, 2001 at 03:44:36PM -0800, Bryant Stewart wrote:
> > Hey Joey,
> >
> > http://joeykelly.dhs.org/goodies/Codifer_LAN.gif
> >
> > Do you think that you should leak this critical
> > information onto the net?? Someone here might get
> > board on a Friday night and start to have a bit of
> > fun...
> >
> > Bryant Stewart
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Check out Yahoo! Shopping and Yahoo! Auctions for all of
> > your unique holiday gifts! Buy at http://shopping.yahoo.com
> > or bid at http://auctions.yahoo.com
> > ___________________
> > Nolug mailing list
> > nolug@nolug.org
-- Linux 2.4.16 8:50pm up 11:50, 2 users, load average: 0.00, 0.02, 0.05 "I am, therefore I am." -- Akira ___________________ Nolug mailing list nolug@nolug.org
attached mail follows:
I don't know what OpenBSD is doing these days, but if you want ipfiler, there
is the main site, which I found linked on the NetBSD.org page:
http://coombs.anu.edu.au/~avalon/ip-filter.html
and a totally incredible howto:
http://www.obfuscation.org/ipf/ipf-howto.txt
Freesco is neat, I use it, as do half the noluggers, I suppose. I have the
netbsd firewall project (http://www.dubbele.com) running at a location. The
packaged deal is more that adequate, with pre-written rules and configured to
be secure, a plug-and-play operation, even easier than freesco. However,
putting that up will not teach you anything about BSD, really. I wanted to
take the time to learn more about BSD, so I put up a regular install of
NetBSD, and built the firewall from scratch. I learned a lot going though the
docs and doing things myself.
I haven't gone through the entire howto yet, but I gleaned enough to make my
stuff fairly secure. What I can tell you, though, is that the howto takes
standard packet filtering theory, and applies it to ipfilter, step by step.
I've seen the same stuff in a book written for ipchains, which I read
half-way through.
As far as the network diagram goes, I changed a few things here and there
since I drew it up last spring. The basic layout is the same, but I have less
machines than planned, and my workstation no longer boots to That Other
Operating System. My wife's box has become my server, and she has a dedicated
winbox (ugh, not my choice).
--Joey
Thou spake:
>Speaking of firewalls. I am thinking of trying freesco but perhaps I would
>also like to take a good luck at openbsd 3.0. What kind of example scripts
>can I look at (in ipchains/tables and ipf/pf format) to get an idea ahead of
>time of what I can tweak?
>
>Thanks,
>
>ml
>
>On Monday 17 December 2001 19:40, you wrote:
>> Why do you think this is so bad? It's obvious he meant it to be publically
>> available. It doesn't give an attacker anything useful. And it's nott
>> like this lan is anything atypical with some intriguing back door. There
>> are only two ways in:
>> 1) through his netbsd firewall. You don't need an image of the LAN to
>> discover he's running a netbsd firewall. If there's a bug in NetBSD
>> that's exploitable, it'l be exploited if he doesn't plug it first.
>> And once an attacker's in, there's no mystery to discovering the other
>> PCs (if they're even interested in the internal LAN.
>> 2) sitting at a terminal in his house.
>>
>> On Mon, Dec 17, 2001 at 03:44:36PM -0800, Bryant Stewart wrote:
>> > Hey Joey,
>> >
>> > http://joeykelly.dhs.org/goodies/Codifer_LAN.gif
>> >
>> > Do you think that you should leak this critical
>> > information onto the net?? Someone here might get
>> > board on a Friday night and start to have a bit of
>> > fun...
>> >
>> > Bryant Stewart
>> >
>> > __________________________________________________
>> > Do You Yahoo!?
>> > Check out Yahoo! Shopping and Yahoo! Auctions for all of
>> > your unique holiday gifts! Buy at http://shopping.yahoo.com
>> > or bid at http://auctions.yahoo.com
>> > ___________________
>> > Nolug mailing list
>> > nolug@nolug.org
-- Joey Kelly < Minister of the Gospel | Computer Networking Consultant > http://joeykelly.dhs.org "When Government fears the people, it's liberty. When people fear the Government, it's tyranny." -- Benjamin Franklin ___________________ Nolug mailing list nolug@nolug.orgReceived on 12/21/01
This archive was generated by hypermail 2.2.0 : 12/19/08 EST
