On 2015-07-27, Quartz qua...@sneakertech.com wrote:
Some years ago I remember reading that when using OpenBSD (or any OS,
really) as a router+firewall it was considered inadvisable from a
security standpoint to have the different networks all attached to a
single network card with multiple
turning out rather difficult to find a case that's small enough to fit. I'd
really like to use an itx system with multiple onboard ethernet jacks and
cram it into something like a MiniBox M350 or Antec ISK110, but I'm not sure
A Lanner FW7525 or even an Alix APU don't seem to be much larger...
On Mon, Jul 27, 2015 at 12:46 PM, Quartz qua...@sneakertech.com wrote:
Some years ago I remember reading that when using OpenBSD (or any OS,
really) as a router+firewall it was considered inadvisable from a security
standpoint to have the different networks all attached to a single network
2015-07-27 11:46 GMT+02:00 Quartz qua...@sneakertech.com:
turning out rather difficult to find a case that's small enough to fit. I'd
really like to use an itx system with multiple onboard ethernet jacks and
cram it into something like a MiniBox M350 or Antec ISK110, but I'm not sure
A Lanner
Though, of course, if you have been actively developing your system,
or if you have already been subject to other root attempts, a root
attempt runs a significant risk of crashing it.
(And if you have been developing a lot, there's a decent chance you'll
have already crashed it so many times that
On Mon, Jul 27, 2015 at 7:37 AM, Christian Weisgerber
na...@mips.inka.de wrote:
On 2015-07-27, Quartz qua...@sneakertech.com wrote:
Some years ago I remember reading that when using OpenBSD (or any OS,
really) as a router+firewall it was considered inadvisable from a
security standpoint to
It is certainly possible theoretically but you'll have to go to very
great lengths to imagine a scenario where a remote attacker could
exploit such a flaw. It's next to impossible to identify the make and
model of the NIC that holds an IP address (if it is even directly
bound to a NIC, CARP and
If someone successfully attacks the firmware on any of your network cards, you
are screwed no matter what. Any modern network card is going to have the
ability to issue DMAs and can easily root your entire system.
These days you have bypass features in hardware that allow packets
to flow from one interface to another even if the firewall is turned
off.
Can you elaborate on this?
Also, that brings up another point wrt motherboards with multiple jacks;
are bios attacks something to worry about?
On 2015-07-27, Quartz qua...@sneakertech.com wrote:
This is a little off-topic, but I should clarify that although this
device's primary purpose is a firewall+router, it also has to provide a
handful of other network related services that set a few requirements
vis a vis hardware.
Depends
Em 27-07-2015 09:13, Kimmo Paasiala escreveu:
It's next to impossible to identify the make and
model of the NIC that holds an IP address
With IPv6 and poor configuration, a remote attacker already has that
information. MAC addresses reveal a lot of information about a NIC.
Cheers,
Giancarlo
On Mon, Jul 27, 2015 at 11:10 AM, Quartz qua...@sneakertech.com wrote:
These days you have bypass features in hardware that allow packets
to flow from one interface to another even if the firewall is turned
off.
Can you elaborate on this?
Search for intel nic bypass mode and you'll find lots
Joseph Crivello [josephcrive...@gmail.com] wrote:
If someone successfully attacks the firmware on any of your network cards,
you are screwed no matter what. Any modern network card is going to have the
ability to issue DMAs and can easily root your entire system.
If you are running OpenBSD
On Mon, Jul 27, 2015 at 10:52 PM, Joseph Crivello
josephcrive...@gmail.com wrote:
If someone successfully attacks the firmware on any of your network cards,
you are screwed no matter what. Any modern network card is going to have the
ability to issue DMAs and can easily root your entire
Some years ago I remember reading that when using OpenBSD (or any OS,
really) as a router+firewall it was considered inadvisable from a
security standpoint to have the different networks all attached to a
single network card with multiple ethernet ports. The thinking being
that it was