Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Quote:
Originally posted by neo77777
wouldn't swear by Cisco Pix - it has its own flaws - implement a stateful firewall solution on your border, Astaro's asl, Smoothwall (linux flavours), you might want to research it further and get a commercial solution. I wouldn't go far to recommend CheckPoint because its best is not for SOHO environment - overkill. Good luck.
What the heck are you talking about? PIX is a stateful firewall. Why would you go from a $15,000 valued (at least, depending on the license and possible hardware cards) commercial product and downgrade to Astaro or Smoothwall? That just doesn't make sense.
It's a PIX 501 with 3DES VPN and a 50 user license. Still overkill, but very effective. Not quite $15,000, but a few thousand if I remember correctly. We used it at work for 2 years without a single problem. We would still be using it at work, but when SBC restored our DSL connection, their installer insisted on installing their Cayman. I was like "whatever" and took the 501 home to "test". I'm still "testing". Maybe I'll buy it if the price is right.
I used to use a Smoothwall Express gateway, but the Pix is small, dead quiet and emits no heat! The Smoothwall was the exact opposite, large and very loud, heating up the closet in about 10 minutes.
Wow, I knew SBC is dumb but that takes the cake... "no, you can't use a proven security device, here use our no-name one instead". WTF kind of service is that?
On the bright side, at least you get to "test" a PIX at home. Most people don't have that luxury.
How dumb can SBC be? I guess you didn't read my other post about them accidentally cutting-off our DSL service for 10 days! Then instead of using a change order which would send someone out and reroute our line in our wiring closet to turn our old service back on, they put in a new order. Thus the 10 day delay! Then they sent out some rookie installer that had no idea what our situation was and wouldn't work on a PIX. He could only install the Cayman. I even had to put in the port forwarding data because he wasn't allowed to! That is how dumb they can be.
Quote:
Originally posted by chort
What the heck are you talking about? PIX is a stateful firewall. Why would you go from a $15,000 valued (at least, depending on the license and possible hardware cards) commercial product and downgrade to Astaro or Smoothwall? That just doesn't make sense.
I guess I misunderstood your position/company size, your admin activities/powers, etc - of course if you (company you work for) can afford 15 grand for a firewall solution Astaro and Smoothwall fall off the hook. I got an impression your situation reflected SOHO environment, and a PIX was "given" away to you - my point was that if you don't possess license for the Cisco device all you would have is a firewall w/o future upgrades, etc, and at some point you would be urged to upgrade it.
No conclusion. I also have yet to see a similar post on this or any other forum I frequent. It was a silly XP box so I just reloaded the OS and hardened my network. I didn't pursue it any further.
This was a strange event that was only caught because I was in the process of switching from dial-up service to DSL. The log file I posted was actually the Smoothwall Snort log I had set up to use as my router and firewall when my DSL service was turned on, not from my XP machine. Smoothwall was not firewalling the dialup connection but the "as yet to be turned on" DSL service.
Being that my DSL service was not yet active I was still using a dial-up connection from my XP machine to download updates. The person that "got in" got into the XP machine through the dialup then used the XP machine to try to hack in to the Smoothwall router. The log file I posted was after the XP machine had already been compromised. XP, to my knowledge, does not have verbose logging like linux so the info that you are requesting was never logged for review. I don't even have an originating IP address. Like I said previously, I have yet to see a similar "signature" anywhere so I can assume it was a cracker and not a virus, but that is only a guess.
Quote:
Originally posted by chort
XP does have an Event Log IIRC; it's just turned off by default. Control Panel -> Administrative Tools should have an option to turn on the Event Log.
Chort, thanks for the reply. My comment about verbose logging was regarding the actual content of the log, the "verbosity". In my experience, the logs just weren't that useful, however, I just checked the event logs for my XP machine here at work and it appears that the content of the logs has greatly improved since I last bothered to look at one. I'm running Service Pack 2. Was that changed in the last SP or have I just not been paying close enough attention?
Quote:
Originally posted by ghight
<snip> Proof that Windows should never directly touch the Internet. <snip>
In case you all missed these important words from his first post, the man has it right.
As most of the world still uses Windows, people that develop web pages need them to check their work and to see how it looks for most users. I have 2 safely hidden behind a Suse firewall.