Date: Sat, 11 Dec 1999 02:08:43 -0500 (EST) From: Mike Nowlin <mike@argos.org> To: "Scott I. Remick" <scott@computeralt.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: What kind of attack is this? Message-ID: <Pine.LNX.4.05.9912110202300.2576-100000@jason.argos.org> In-Reply-To: <4.2.2.19991208171410.00aa4db0@mail.computeralt.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> Yeah, I understand all that, believe it or not :). I actually have the > system built up partway (FreeBSD 3.3, 2 NICs working, ssh the only service, > firewall built into kernel, etc) but it's not quite so easy to just drop it > into place. I need to get everyone off static IP and onto DHCP so I can > then chop up our class C into subnets so we can actually do routing, then > move some server's IPs around so they end up in the proper subnets, and I > even want to drop in a 3rd NIC and have a 3-homed host. But things that > involve change and aren't Microsoft solutions move at a snail's pace around > here... but I digress... My suggestion (and how I did this same thing) is to shove the dual-ethernet FBSD box between the Pipeline and the local ethernet, and give it a IPFW rule of "60000 pass all from any to any" (or whatever it is) so that the introduction of the FBSD box goes unnoticed at first..... You can then insert rules to deny certain traffic patterns before the "pass all" line as you need to.... Over time, you can change the general policies from pass-all to deny-all-except-the-following -- if you do it carefully, any problems that show up can be explained to upper management as "Sorry, but the Microsloth implementation of that protocol has been buggy since IP was first introduced on Win311, and the latest version of RealAudio fixed their reliance on that particular bug." :) mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.05.9912110202300.2576-100000>