Re: Linux box as firewall

2002-04-07 Thread Phillip Wylie

A good cheap network card is Netgear. I have been using Netgear NICs
on my Redhat machines at home. As far as Linux distributions go, Redhat
is pretty easy to work with and the installation has gotten easier over
the past few years, plus there are lots of books on Redhat. Redhat 7.2
by default sets up a firewall. As far as modems go, I have DSL and have
not purchased a modem in a couple years.

regards,

Phillip

David Hayes <[EMAIL PROTECTED]> wrote:
> Hi,
> I've got an old p150 with about 64Mb Ram hanging around that I'm going to
> set up as a firewall for when I get broadband. I have a few questions that
> hopefully somebody can answer
> 1. What's the best distribution to use, I have had quite a bit of experience
> with Linux but not for the last 4/5 years so I'm a bit out of touch.
> 2. I'll need a network card for the box, any recommendations for a
> cheap(ish) card that will be easy to configure under Linux
> 3. Until I get broadband I'll probably set it up so the Linux box dials my
> normal ISP, I've only got a cheap winmodem any recommendations for a good
> modem to use with Linux
> Thanks for all your help
> David Hayes



Re: loopback device

2002-01-17 Thread phillip

Actually, most loopback devices respond to any IP within the 127/8 IP range,
because the entire /8 block is reserved for loopback purposes.

The fact that a program is using it isn't a "bad" thing, although it is
extremely odd.

I do have a few concerns though. Is 45.253.14.97 an IP address on the system?
If not, you may want to investigate as to why traffic to the loopback subnet is
being routed there.

Also, if you're running a *NIX variant (being Snort, I guess so)... see if
there is a version of a utility called 'lsof' available for your system. What
that does is list information about open file descriptors, including sockets
(tcp, udp, unix, etc), pipes, fifos, normal files, and more.

The output from that may be able to give you some insight as to what is binding
to that port on your system, if indeed anything is.

On 15-Jan-2002 Craig Van Tassle wrote:
> My loopback is supposed to be 127.0.0.1.. at least that is what my ifconfig
> shows me..  and I have no idea what program is running on that port.
> Do you think that I could have a possible intrusion?
> 
> Thanks
> Craig
> 
> On Tue, Jan 15, 2002 at 10:44:48AM -0800, Glenn Pitcher wrote:
>> No, you can't bypass the firewall using the loopback interface.  What's
>> interesting though is the IP address they're using... usually loopback is
>> 127.0.0.1 and the port number, 5460, isn't assigned to anyone so what program
>> is running?
>> 
>> -----Original Message-----
>> From: Craig Van Tassle [mailto:[EMAIL PROTECTED]]
>> Sent: Monday, January 14, 2002 8:48 AM
>> To: secuirty-basics
>> Subject: loopback device
>> 
>> 
>> Is it possible for someone over a network to use my loopback to bypass my
>> firewall?  If so what can I do to mitigate the problem and how damaging can
>> it be?
>> 
>> The reason I'm asking is my Snort system is showing bad loopback traffic..
>> thanks
>> 
>> Here is a snippet from my Snort logs.
>> 
>> [**] [1:528:2] BAD TRAFFIC loopback traffic [**]
>> [Classification: Potentially Bad Traffic] [Priority: 2]
>> 01/12-14:10:11.568007 45.253.14.97:49847 -> 127.167.228.85:5460
>> TCP TTL:64 TOS:0x0 ID:37583 IpLen:20 DgmLen:40
>> **S* Seq: 0x3F4BB00A  Ack: 0x0  Win: 0x200  TcpLen: 20
>> 
>> Thanks
>> Craig
>> 
>> 

-- 
Phillip O'Donnell
Software Engineer, Esphion Limited
[EMAIL PROTECTED]
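
Added example, not part of the original messages: a Python check for the point made in the reply above, that the whole of 127/8 is loopback, so a flow pairing a 127/8 address with a non-loopback one (as in the quoted Snort alert) is a martian that should never be seen on the wire. The function names and the second and third sample flows are constructed for illustration; the first flow line is the one quoted in the thread.

```python
import ipaddress
import re

# The entire 127/8 block is reserved for loopback, not only 127.0.0.1.
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")

# Address line of a Snort alert, in the layout quoted in the thread:
#   01/12-14:10:11.568007 45.253.14.97:49847 -> 127.167.228.85:5460
FLOW_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)$"
)

def classify(src, dst):
    """Describe a flow relative to the 127/8 loopback block."""
    src_lo = ipaddress.ip_address(src) in LOOPBACK_NET
    dst_lo = ipaddress.ip_address(dst) in LOOPBACK_NET
    if src_lo and dst_lo:
        return "local"      # traffic that stays inside one host
    if src_lo or dst_lo:
        return "martian"    # 127/8 paired with a non-loopback address
    return "routable"

def scan(alert_text):
    """Return (src, dst, dport, verdict) for every flow line found."""
    findings = []
    for raw in alert_text.splitlines():
        # Tolerate mail quoting ("> ", ">> ") in front of pasted log lines.
        m = FLOW_RE.match(raw.lstrip("> ").strip())
        if not m:
            continue
        try:
            verdict = classify(m["src"], m["dst"])
        except ValueError:
            continue        # an octet was out of range; not a real address
        findings.append((m["src"], m["dst"], int(m["dport"]), verdict))
    return findings

# First flow is from the thread; the last two lines are constructed samples.
SAMPLE = """\
>> 01/12-14:10:11.568007 45.253.14.97:49847 -> 127.167.228.85:5460
>> TCP TTL:64 TOS:0x0 ID:37583 IpLen:20 DgmLen:40
01/12-14:10:12.000001 127.0.0.1:40000 -> 127.0.0.1:5460
01/12-14:10:13.000002 192.0.2.10:40001 -> 198.51.100.7:80
"""

if __name__ == "__main__":
    for src, dst, dport, verdict in scan(SAMPLE):
        print(f"{verdict:8} {src} -> {dst}:{dport}")
```

For a flow reported as local, `lsof -nP -iTCP:5460` on the host lists whatever process holds a socket on that port, if any.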

