RE: Cracking attempt

To: "debian-isp@lists.debian.org" <debian-isp@lists.debian.org>
Subject: RE: Cracking attempt
From: "Stefaan Teerlinck" <stefaan@itecom.be>
Date: Tue, 25 Feb 2003 07:19:09 +0100
Message-id: <auto-000001697187@itecom.be>

There are also cheap ($100) NAT routers / "firewalls" available like
D-Link or Netgear if you don't need a speed > 10Mbps
You'll have to spend $100, but it won't consume you time, it takes a lot
less space, and it will consume a lot less electricity.

> -----Oorspronkelijk bericht-----
> Van: Craig Sanders [mailto:cas@taz.net.au]
> Verzonden: dinsdag 25 februari 2003 1:38
> Aan: Tim Spriggs
> CC: debian-isp@lists.debian.org
> Onderwerp: Re: Cracking attempt
>
>
> On Mon, Feb 24, 2003 at 06:08:43AM -0700, Tim Spriggs wrote:
> > > What OS are you using?  Presumably if it was Linux you would have
> > > solved the problem with iptables or ipchains long ago...
> >
> > Solaris 9 :( It does have some firewalling software but caused some
> > major conflicts at one point with no config and honestly, I and one
> > other person are pushing to get a firewall and seperation
> of tasks on
> > different machines. The way this thing sits right now I'd be
> > un-surprised if someone with an hour of spare time and a
> little talent
> > could get in and fuck a _LOT_ up.
>
> here's a quick-and-dirty (and cheap!) temporary solution:
>
> get an old 386/486/pentium box - there should be several
> gathering dust
> at any university.  put two ethernet cards in it, and install
> linux (any
> debian with kernel 2.4.x) on the machine and configure it as a NAT
> firewall.  plug one NIC into your network, and use a
> crossover cable to
> connect the other NIC to your solaris box.
>
> in short, what this will do is take the solaris box off the external
> network and put it on a second (private) network.  DNAT on
> the linux box
> will allow authorised machines to connect to it and SNAT allows the
> solaris box to get out.
>
> if you configure the NAT stuff right, the change will be completely
> transparent to all users.
>
> it's pretty ugly, but it will work...and it's something you can do
> without spending any money or asking permission (remember it's always
> easier to get forgiveness than permission :).
>
> if anyone ever notices and complains, you can justify it by saying you
> had no choice.  you had to protect the server and the backups it
> contained but had no budget to do it with.
>
>
> alternatively, build the linux box but put it between your external
> router and your main network.  there's no need for NAT in this setup,
> just plain routing and iptables firewalling rules.
>
>
> a third alternative, (which may or may not be viable,
> depending on what
> kind of border router you have and how your network is set up) is to
> replace the router with the linux box.
>
> craig
>
> --
> craig sanders <cas@taz.net.au>
>
> Fabricati Diem, PVNC.
>  -- motto of the Ankh-Morpork City Watch
>
>
> --
> To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
>

Reply to:

Follow-Ups:
- RE: Cracking attempt
  - From: Tim Spriggs <tims@fugazi.engr.arizona.edu>
- Re: Cracking attempt
  - From: Craig Sanders <cas@taz.net.au>

Prev by Date: Re: Mail server
Next by Date: Apache Virtual Hosts Chroot ?
Previous by thread: Re: Cracking attempt
Next by thread: RE: Cracking attempt
Index(es):
- Date
- Thread