RE: Cracking attempt
< PRE >
| T I M S P R I G G S |
| Assistant Sysadmin - Development |
| College of Engineering and Mines |
| ECE206A - (520) 621-3185 |
On Tue, 25 Feb 2003, Stefaan Teerlinck wrote:
> There are also cheap ($100) NAT routers / "firewalls" available like
> D-Link or Netgear if you don't need a speed > 10Mbps
> You'll have to spend $100, but it won't consume you time, it takes a lot
> less space, and it will consume a lot less electricity.
> > -----Oorspronkelijk bericht-----
> > Van: Craig Sanders [mailto:firstname.lastname@example.org]
> > Verzonden: dinsdag 25 februari 2003 1:38
> > Aan: Tim Spriggs
> > CC: email@example.com
> > Onderwerp: Re: Cracking attempt
> > On Mon, Feb 24, 2003 at 06:08:43AM -0700, Tim Spriggs wrote:
> > > > What OS are you using? Presumably if it was Linux you would have
> > > > solved the problem with iptables or ipchains long ago...
> > >
> > > Solaris 9 :( It does have some firewalling software but caused some
> > > major conflicts at one point with no config and honestly, I and one
> > > other person are pushing to get a firewall and seperation
> > of tasks on
> > > different machines. The way this thing sits right now I'd be
> > > un-surprised if someone with an hour of spare time and a
> > little talent
> > > could get in and fuck a _LOT_ up.
> > here's a quick-and-dirty (and cheap!) temporary solution:
> > get an old 386/486/pentium box - there should be several
> > gathering dust
> > at any university. put two ethernet cards in it, and install
> > linux (any
> > debian with kernel 2.4.x) on the machine and configure it as a NAT
> > firewall. plug one NIC into your network, and use a
> > crossover cable to
> > connect the other NIC to your solaris box.
> > in short, what this will do is take the solaris box off the external
> > network and put it on a second (private) network. DNAT on
> > the linux box
> > will allow authorised machines to connect to it and SNAT allows the
> > solaris box to get out.
> > if you configure the NAT stuff right, the change will be completely
> > transparent to all users.
> > it's pretty ugly, but it will work...and it's something you can do
> > without spending any money or asking permission (remember it's always
> > easier to get forgiveness than permission :).
> > if anyone ever notices and complains, you can justify it by saying you
> > had no choice. you had to protect the server and the backups it
> > contained but had no budget to do it with.
> > alternatively, build the linux box but put it between your external
> > router and your main network. there's no need for NAT in this setup,
> > just plain routing and iptables firewalling rules.
> > a third alternative, (which may or may not be viable,
> > depending on what
> > kind of border router you have and how your network is set up) is to
> > replace the router with the linux box.
> > craig
> > --
> > craig sanders <firstname.lastname@example.org>
> > Fabricati Diem, PVNC.
> > -- motto of the Ankh-Morpork City Watch
> > --
> > To UNSUBSCRIBE, email to email@example.com
> > with a subject of "unsubscribe". Trouble? Contact
> > firstname.lastname@example.org
> To UNSUBSCRIBE, email to email@example.com
> with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org