[TriLUG] Drop and insert transparent firewall (OpenBSD)
Jim Ray
jim at neuse.net
Sun May 2 11:55:50 EDT 2004
> This is sort of like what I had in mind, although for simplicity I'd
> probably just bring up a temporary IP address on the internal interface,
> and send the warning from there. Unless that 3rd NIC was on a separate
> network (unlikely) then it probably wouldn't make much difference from a
> security standpoint if it were the NIC passing all of the traffic, or a
> different NIC on the same subnet. As an added benefit (if you have
> enough addresses) you might bring up that NIC with a random IP address,
> from a small range of say 3 or 4, to make it a little harder to predict
> an address you'd be able to attach to that belongs to the firewall.
>
> Snort for network ID and something like your hidden partition
> suggestion, or even Samhain or Tripwire would work well for local ID.
> It's just something we didn't go to the trouble to implement, given the
> box's complete lack of direct network accessibility.
>
> Aaron S. Joyner
[Jim Ray sez:] dude...we need to get you over here for one of our special
topics/beer labs.