Re: Setting up ADSL?

I am getting ADSL (728/128) next week and have some questions.
I run Debian lenny with a 2.6.18 kernel.
The DSL connection will use PPPoE and I'll be getting a static IP.
I guess I just need 1 ethernet cable to connect the DSL modem to my NIC, right?
How do I set up the PPPoE account (username, password)?
The modem also has a built-in 4-port router, so how can I set up NAT (I
only have 1 machine now but plan to add more in the future)?

Modem/routers come in many different types. You will need to find out
what facilities it has, what its default IP address is and whether it
has a DHCP server. If it's a router it will deal with any PPPoE issues
itself. Typically, all it needs is the username and password, and it
will sort out the DSL parameters by itself. All configuration will be
done using a web browser, though some routers allow command-line
operation over Telnet of features that the web server doesn't offer.

How do I set up DHCP for my private addresses which NAT will use?

The modem/router will have a default range; if you're not happy with
that you can change it. NAT will be the default mode; you'd need to
configure bridging if you wanted that. Routers are fairly user-friendly
these days, the idea being that a typical Windows kiddie can just plug
in and go. The defaults will be good for most situations.

Anyone have a good basic firewall (especially example rules scripts!)
that I can put up?

Any modem/router made in the last few years will have a stateful packet
filtering firewall which is on by default, and which (probably) doesn't
forward anything by default. What it won't do is to filter things going
out, without specific configuration.
The jury is out over whether workstation firewalls are of any real use,
as malware with admin privileges can simply turn them off. Malware
without admin privileges is a minor annoyance.

Besides a plain firewall what else can I do to make my machine more
secure since it will be connected to the outside world nearly 24x7
from now on?

Don't forward any services from the Internet that you don't need. Make
sure the router's 'administer from the Internet' facility is disabled,
whatever it may be called. Change the admin password immediately from
the default, before you plug in the telephone line. Probably the router
will refuse to reply to pings from outside by default, but if it
doesn't, configure that.
Most of all, use a virus checker on any Windows machines on the system,
and teach the users not to do naughty things like accepting 'free'
screensavers and the like. Don't let them run as admins. Network
break-ins are almost never caused by routers with security bugs, but by
careless users. All networks would be better off without them.

Last week one of my friends had their machine ping flooded; they
couldn't get any packets out and the attacker only stopped after he
unplugged his router and waited a few hours before reconnecting.
1) If this happens to me what should I do to stop the attacker and get
(A quick way to ignore their IP would be good for starters.)

Nothing whatever. You can't ignore an IP address until you've read what
it is, and 'flood' implies that your front-line machine will be fully
occupied just doing this. There is no defence other than telephoning
your ISP and asking them to block the relevant protocol, at least for a
time. First you have to reach someone at the ISP who knows what

2) Why didn't his ISP or even the ISP's upstream provider catch this
and automatically null route the offender?

Most ping floods and other DDoS attacks are distributed, coming from a
dozen or a hundred or a thousand different hijacked machines. It's rare
that they are done at random; the motive is usually financial, which
implies a commercial website of some kind. Renting out botnets, that is,
hundreds or thousands of hijacked computers, is big business, and they
are rarely deployed just for a laugh.

Also how can I manually bring my connection up and down?

There will be a place in the web configuration to do this, but in an
emergency don't forget the old low-technology method of pulling the plug

Anyone know some good packages for logging network traffic,
deciphering logs, getting useful reports etc?
If you log a lot I suppose there is no way to get around having to
read many log mails every day, the price of security eh?

You imply but don't say definitely whether you will have a computer
running continuously. A router will have a very limited amount of spare
RAM, and may well store only twenty or thirty log events. You need an
always-on computer running a syslog daemon (all *nix machines do)
configured to receive remote input, and to configure the router to send
log entries to it. I use logcheck to report once an hour, but with a lot
of filtering added (I don't really want to be told every hour which
machines asked for a DNS lookup). If you have a fixed IP address, and
aren't doing anything commercial, there shouldn't really be a lot of