LinuxSA Mailing list archives

  From: Adam Hawes <adam_hawes@dingoblue.net.au>
  To  : Michael Kratz <michael_kratz@hotmail.com>
        Linux SA <linuxsa@linuxsa.org.au>
  Date: Sun, 12 Nov 2000 23:42:43 +1030

Re: do I need a separate firewall?

> That is how my box is running at the moment and so far, all the attempts
> that people have tried to get into my box AFAIK have failed. However in the
> future, I am considering a dedicated firewall machine, it is more secure
> IMHO.

I have a similar setup on my network.  I have masquerading on for my
internal network.  The firewall is locked down reasonably well, only
allowing external services like SMTP.  TCP wrappers is set to deny all
by default and then only allow internal hosts, and I have turned off all
services that I don't need internally.

I've had a number of unsuccessful attempts to get in lately.  Seems that
last night they found their way in though.  I don't know how because
they erased all the log files and modified the DNS configuration, set
everything in the /etc/rc.d directories to be S99* and attempted to
reboot the box.  I haven't found anything else that has changed yet, but
I'm still going through everything.

Suffice to say the kernel won't actually soft-reset my gateway box for
some reason so I got in this morning and nothing was running.  I had a
squiz and it was sitting there waiting for the power to be cycled.  Well
anyway it wouldn't boot because DNS was screwed, and sendmail froze
waiting for that to start.  Everything was trying to start at once but
that wasn't so bad.

I guess it's time for a complete rebuild with the focus on security this
time.  Might use that spare box I have lying around for the task.

The long and short of it is that they'll get in no matter what you do. 
A dedicated firewall offers some level of protection to your internal
network because if anyone gets into that they'll probably be contented
screwing with that.  The beauty of a simple dedicated firewall is that
it can be set up on a write protected floppy disk so that if the
bastards get in and change things the box can be rebooted and come up
good as new.

While I'm on the topic of a rebuild, I'd like to give a recent copy of
Debian a whirl.  Does anyone on the South side of Adelaide have one on
CD that I could beg/copy/repay for?

Cheers,
Adam

-- 
Adam Hawes

Web:       http://overfiend.iwarp.com
Email:     adam_hawes@dingoblue.com.au
ICQ:       2492016

Voicemail: +61 (08) 8219-3238
Fax:       +61 (08) 8219-3238

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GAT dpu s+: a-- C++++ UL++ P+ L+++ E W- N+++ o+ K- w--- 
O- M V-- PS+ PE Y++ PGP++ t 5- X+++ R* tv b+ DI+ D---- 
G e* h! r--- y** 
------END GEEK CODE BLOCK------
