[H-GEN] E Smith Hacked
Sarah Hollings
sarah at humanfactors.uq.edu.au
Mon Jun 17 00:57:37 EDT 2002
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
Tony Bilbrough wrote:
>[ Humbug *General* list - semi-serious discussions about Humbug and ]
>[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
>
>G'day All,
>I have been repeatedly warned that E Smith does not have an effective firewall.
>But I have not had any problems since February, when it first fired up, so I
>never thought too much about it.
>[snip]
>All this is in haste, as I am now sorting thru 'bits', to build a box for a
>Smoothwall!
>Does any one have a copy of the Lite version I can borrow? I will come over and
>pick it up.
>
>
Tony,
I know it seems a big switch to use Free BSD if you're not familiar with
it.... But I had never had anything to do with FreeBSD 5 months ago,
until I build myself a drawbridge bridging firewall. Absolutely
brilliant. It runs on a pentium 100 and serves all 30 hosts on our
network without a hitch, really easy to use config file, very nice for
security.
http://drawbridge.tamu.edu/
I have it set up with 3 NIC's, the 3rd one only needs to be a fairly
crappy one as what it does is to provide an ssh interface with a 2nd NIC
in my desktop admin machine, direct peer-to-peer via a crossover utp
cable, for administration. The other two interfaces are the "in" and the
"out": neither can be routed to at all, they just either bridge packets
transparently across, or drop them. Any cracker can't even see where the
firewalling is happening, unless they get thru the firewall, into your
administration machine, and then into the firewall via the 3rd interface.
Obviously it doesn't do everything that smoothwall does, but if you're
into boxology, having a box that runs your firewall and doing all your
routing, NAT or whatever else you want seperately seems a good idea.
Sarah Hollings
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'. See http://www.humbug.org.au/
More information about the General
mailing list