
Re: Setting up ADSL?



Zach wrote:
I am getting ADSL (728/128) next week and have some questions.

I run Debian lenny with a 2.6.18 kernel.

The DSL connection will use PPPoE and I'll be getting a static IP.

I guess I just need 1 ethernet cable to connect the DSL modem to my NIC, right?

How do I set up the PPPoE account (username, password)?

The modem also has a built-in 4 port router so how can I set up NAT (I
only have 1 machine now but plan to add more in the future)?

Modem/routers come in many different types. You will need to find out what facilities it has, what its default IP address is and whether it has a DHCP server. If it's a router it will deal with any PPPoE issues itself. Typically, all it needs is the username and password, and it will sort out the DSL parameters by itself. All configuration will be done using a web browser, though some routers allow command-line operation over Telnet of features that the web server doesn't offer.

How do I set up DHCP for my private addresses which NAT will use?

The modem/router will have a default range; if you're not happy with that you can change it. NAT will be the default mode; you'd need to configure bridging if you wanted that. Routers are fairly user-friendly these days, the idea being that a typical Windows kiddie can just plug in and go. The defaults will be good for most situations.

Anyone have a good basic firewall (especially example rules scripts!)
that I can put up?

Any modem/router made in the last few years will have a stateful packet filtering firewall which is on by default, and which (probably) doesn't forward anything by default. What it won't do is to filter things going out, without specific configuration.

The jury is out over whether workstation firewalls are of any real use, as malware with admin privileges can simply turn them off. Malware without admin privileges is a minor annoyance.

Besides a plain firewall what else can I do to make my machine more
secure since it will be connected to the outside world nearly 24x7
from now on.

Don't forward any services from the Internet that you don't need. Make sure the router's 'administer from the Internet' facility is disabled, whatever it may be called. Change the admin password immediately from the default, before you plug in the telephone line. Probably the router will refuse to reply to pings from outside by default, but if it doesn't, configure that.

Most of all, use a virus checker on any Windows machines on the system, and teach the users not to do naughty things like accepting 'free' screensavers and the like. Don't let them run as admins. Network break-ins are almost never caused by routers with security bugs, but by careless users. All networks would be better off without them.

Last week one of my friends had their machine ping flooded; they
couldn't get any packets out and the attacker only stopped after he
unplugged his router and waited a few hours before reconnecting.
Questions:

1) If this happens to me what should I do to stop the attacker and get
back online?
(A quick way to ignore their IP would be good for starters.)

Nothing whatever. You can't ignore an IP address until you've read what it is, and 'flood' implies that your front-line machine will be fully occupied just doing this. There is no defence other than telephoning your ISP and asking them to block the relevant protocol, at least for a time. First you have to reach someone at the ISP who knows what 'protocol' is.

2) Why didn't his ISP or even the ISP's upstream provider catch this
and automatically null route the offender?

Most ping floods and other DDoS attacks are distributed, coming from a dozen or a hundred or a thousand different hijacked machines. It's rare that they are done at random; the motive is usually financial, which implies a commercial website of some kind. Renting out botnets, that is, hundreds or thousands of hijacked computers, is big business, and they are rarely deployed just for a laugh.

Also how can I manually bring my connection up and down?

There will be a place in the web configuration to do this, but in an emergency don't forget the old low-technology method of pulling the plug out.

Anyone know some good packages for logging network traffic,
deciphering logs, getting useful reports etc?
If you log a lot I suppose there is no way to get around having to
read many log mails every day, the price of security eh?


You imply but don't say definitely whether you will have a computer running continuously. A router will have a very limited amount of spare RAM, and may well store only twenty or thirty log events. You need an always-on computer running a syslog daemon (all *nix machines do) configured to receive remote input, and to configure the router to send log entries to it. I use logcheck to report once an hour, but with a lot of filtering added (I don't really want to be told every hour which machines asked for a DNS lookup). If you have a fixed IP address, and aren't doing anything commercial, there shouldn't really be a lot of trouble.
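
The filtered hourly report described in the reply above, as an added example that is not part of the original message and is not logcheck's own code: it drops lines matching ignore rules (such as routine DNS lookups) and summarises what is left. The sample log lines, the hostname "router" and the ignore rules are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample of what the always-on machine might receive from the
# router over remote syslog (hostname and messages are made up).
SAMPLE_LOG = """\
Mar  3 10:00:01 router dnsmasq[212]: query[A] www.debian.org from 192.168.1.10
Mar  3 10:00:02 router dnsmasq[212]: query[A] lists.debian.org from 192.168.1.11
Mar  3 10:04:17 router kernel: DROP IN=ppp0 SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP DPT=23
Mar  3 10:04:18 router kernel: DROP IN=ppp0 SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP DPT=22
Mar  3 10:15:40 router httpd[98]: admin login failed from 192.168.1.11
Mar  3 10:30:00 router pppd[77]: LCP echo reply received
"""

# Ignore rules in the spirit of logcheck's ignore files: one anchored
# regex per kind of routine line. These particular rules are assumptions.
IGNORE_RULES = [
    r"^\w{3} [ :0-9]{11} \S+ dnsmasq\[\d+\]: query\[A+\] \S+ from \S+$",
    r"^\w{3} [ :0-9]{11} \S+ pppd\[\d+\]: LCP echo reply received$",
]

# Classic syslog line: timestamp, host, program[pid]: message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} [ :0-9]{11}) (?P<host>\S+) "
    r"(?P<prog>[^\[:\s]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
SRC_RE = re.compile(r"\bSRC=(\d{1,3}(?:\.\d{1,3}){3})\b")


def digest(log_text, ignore_rules=IGNORE_RULES):
    """Return (kept events, per-source drop counts, unparsed lines)."""
    ignore = [re.compile(rule) for rule in ignore_rules]
    kept, unparsed, sources = [], [], Counter()
    for line in log_text.splitlines():
        if not line.strip() or any(r.search(line) for r in ignore):
            continue                      # routine noise, not reported
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)         # report it rather than lose it
            continue
        kept.append((m["ts"], m["host"], m["prog"], m["msg"]))
        src = SRC_RE.search(m["msg"])
        if src:
            sources[src.group(1)] += 1    # who the firewall keeps dropping
    return kept, sources, unparsed


if __name__ == "__main__":
    events, by_source, odd = digest(SAMPLE_LOG)
    for ts, host, prog, msg in events:
        print(f"{ts} {host} {prog}: {msg}")
    print("dropped packets by source:", dict(by_source))
    print("unparsed lines:", odd)
```

Anchoring each ignore rule to the whole line keeps a routine-looking prefix from hiding an unusual message behind it.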

