Any ideas on best floppy installed firewall/gateways out there?
Thanks, Dirk

I use coyote linux. (http://coyotelinux.com) It does the trick for me.

http://lwn.net/Distributions/

Try this link there are loads. The site is good for news too.

I have heard from various friens the freesco project is a good choice. It'll do DNS caching too.

FreeSCO has a lot of capabilities:
a simple bridge with up to 3 Ethernet segments
a router with up to 3 Ethernet segments
a dialup line router
a leased line router
an Ethernet router
a dial-in server with up to 2 modems
a time server
a dhcp server
a http server
a print server (requires TCP/IP printing client software)
But, it uses a 2.0 series kernel, the old firewall software (ipfwadm), and does not handle PPPoE DSL connections.

Coyote is only a router/firewall/DHCP server, but it does handle PPPoE connections, uses 2.2 kernels (2.2.19 I believe), and ipchains. It is also updated more regularly that FreeSCO (at least, as far as I can tell).

Another one is FrazierWall (http://www.frazierwall.com/), and it's based on LRP.

[ 28 January 2002: Message edited by: ds801 ]

Originally posted by thor420:
<STRONG>I use coyote linux. (http://coyotelinux.com) It does the trick for me.</STRONG>

i used coyote up until 1 month ago , ran 1 year on a 486dx4-100 nearly flawlessly

but now i use :cool: www.clarkconnect.org (http://www.clarkconnect.org) :cool:
it is cool :cool:

I have a copy of fwfloppy (or was it floppyfw). Really nice tool, and very simple. I keep it mainly as a backup just in case the hard drive gets corrupted or something, then I can use that for NAT and firewalling until I get things fixed.

Just wondering, are firewalls so important? I mean, if you don't get on IRC&ICQ, the possibility that someone would
1. get your IP
2. want to enter your computer
3. knows how to enter your computer
is like inexistant... Or am I wrong about that?

Originally posted by Ludootje:
<STRONG>Just wondering, are firewalls so important? </STRONG>

:eek: :eek:
:eek: :eek:

yes

:eek: :eek:
:eek: :eek:

Originally posted by FoBoT:
<STRONG> :eek: :eek:
:eek: :eek:

yes

:eek: :eek:
:eek: :eek:</STRONG>
=)
why?

If you are on a dialup connection, and only stays connected a few hours at a time, a firewall may be a 'overkill'.
BUT (and thats a big but), if you are on a DSL or cable connection where you are connected 24/7 a firewall of some sort is just a must-have. Staying away from ICQ and IRC does not mean nobody wont find your box and have their way with it!

Cheers :)

Originally posted by Ludootje:
<STRONG>
=)
why?</STRONG>

cause bad mean nasty evil yucky crackers will get inside all your systems and delete every thing and give you horrible viruses that can't be removed no matter what you try and even destroy your hardware cause they are so terrible

[ 29 January 2002: Message edited by: FoBoT ]

First, it's very easy to obtain an IP. By posting on this message board, you've left your IP logged. A webmaster can create a webpage that could obtain your IP address. Eg: http://www.whatismyip.com

Second, who says I need to know your IP address? I can just obtain a range of IPs and then run a ping sweep on them to determine which one is up. Once that's done, I can start running port scans on each IP and logging the results to a separate file. This is all automated and can be easily scripted.

Third, just because you have nothing important in your computer doesn't mean I don't want to crack it. There are two reasons why I would want to crack into a computer, even a newly setup one that was just bought a couple of hours ago.

1. Install a zombie for future distributed denial of service (ddos) attacks.

2. Use it as a mount point for an actual attack. By cracking into your computer and then attacking another computer, it's your IP that shows up, not mine. If I hop at least 10 computers before mounting an actual attack, there's a good chance that one of those computers don't keep logs, thus making me almost untraceable.

And finally, a firewall isn't the silver bullet. It's good to have to help protect your systems, but nothing beats having an alert and security concious sysadmin.

Originally posted by FoBoT:
<STRONG>cause bad mean nasty evil yucky crackers will get inside all your systems and delete every thing and give you horrible viruses that can't be removed no matter what you try and even destroy your hardware cause they are so terrible

[ 29 January 2002: Message edited by: FoBoT ]</STRONG>
therefor, they'll have to enter the box first, and as far as i know that's almost unpossible

I agree with it, but the chance is so small...
anyway, we have a nice firewall here, which tells me about everything (new home page in IE, an app which is trying to connect to the internet and if i want to let it connect or not,...)

xconsole: what can a sysadmin do more then a firewall? i mean, if your firewall doesn't detect open ports/someone connecting to ports, how will the sysadmin know it :confused:?

Firewalls are a requirement for always-on internet. I have DSL, and run Smoothwall firewall (www.smoothwall.org). I check the logs regularly and they show that my IP is constantly being scanned for open ports.

There are tools out there that allow script kiddies to quickly scan huge blocks of IP addresses at a click of the button. They may not specifically be targeting you, but if they stumble across your IP with open ports, they will come knocking.

For a floppy disk based firewall check out Gnatbox. http://www.gnatbox.com

Aaron

which logs should i check to see if someone's scanning my ip? or do i need logs from the server for that?

aaron is referring to the firwall program's logs. You can have the firewall program log all the 'hits' against the firewall (any packets that were blocked by the firewall). So the actual file name/location of the log could be different depending on the program.

Connection time isn't the only concern when it comes to cable/DSL lines, the fact that they are FAST also makes them good targets.

therefor, they'll have to enter the box first, and as far as i know that's almost unpossible
It's only impossible if you don't know how to do it.

if your firewall doesn't detect open ports/someone connecting to ports, how will the
sysadmin know it ?

Firewalls don't detect open ports, they just block/allow whatever you tell them to. You'd only know someone is trying to connect to your machine if the firewall alerts you (like Zone Alarm does), or you monitor the actual firewall logs.

What else can a sysadmin do? Well, he needs to be alert about the things that are happening in the security world. Sign up for security mailing lists and then keep your programs updated. Also make sure that everyone in the organization is given a short course on security. You said that the chances of someone breaking into a secure box is small, and you may be right if your box is tight, but the question is, are your people security concious? If I can't break into a system, I can social engineer my way into it. Just do a whois on the domain, find out who's in charge of it, call up the secretary, pretend you're the guy in charge, make up some story about giving you the password and login so you can check her account and then say thanks and leave. No need for password cracking or scanning ports. Completely quiet. No one knows what happened, and the sysadmins won't see this one in their logs. Now if the secretary were more concious, she'd have asked more questions and for more identification. So that's why you need to make them security concious.

So you see, breaking into a server doesn't have to mean port scanning and the whole usual shebang. And I could always be patient. If I know you've got ssh running but your box is tight, I could wait until an exploit is found for the current ssh and then quickly use the exploit to break in before the patch is released.

Just practice regular security procedures, like forcing users to have a minimum of 8 passwords, check your logs daily, and so on.