[TriLUG] Drop and insert transparent firewall (OpenBSD)

Aaron S. Joyner aaron at joyner.ws
Sun May 2 11:27:24 EDT 2004


Jon Carnes wrote:

>How about a third network card in the box and if you need to send a
>warning, have the system bring that NIC on-line and send out a warning,
>then take the NIC off-line again?
>
This is sort of like what I had in mind, although for simplicity I'd 
probably just bring up a temporary IP address on the internal interface, 
and send the warning from there.  Unless that 3rd NIC was on a separate 
network (unlikely), it probably wouldn't make much difference from a 
security standpoint whether it were the NIC passing all of the traffic or a 
different NIC on the same subnet.  As an added benefit (if you have 
enough addresses) you might bring up that NIC with a random IP address, 
from a small range of say 3 or 4, to make it a little harder to predict 
an address you'd be able to attach to that belongs to the firewall.

Snort for network ID and something like your hidden partition 
suggestion, or even Samhain or Tripwire would work well for local ID.  
It's just something we didn't go to the trouble to implement, given the 
box's complete lack of direct network accessibility.

Aaron S. Joyner
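The alerting mechanism described in the message above (an IP-less bridging firewall that briefly brings up one of a few spare addresses on its inside interface, sends the warning, and takes the address down again), as an added example that is not code from the original post, from TriLUG, or from OpenBSD. The interface name fxp1, the address pool, the netmask, the recipient, and the use of mail(1) as the alert channel are all assumptions; the OpenBSD `ifconfig ... alias` / `-alias` syntax is real. With DRY_RUN=1 (the default) the script only prints the commands it would run, so it can be exercised on a box that is not the firewall.

```shell
#!/bin/sh
# Short-lived alert address for a transparent (bridging, IP-less) OpenBSD
# firewall.  Added example; interface, addresses, netmask and mail recipient
# below are assumptions, not values from the original message.

ALERT_IF="${ALERT_IF:-fxp1}"                 # assumed inside bridge member
ALERT_NETMASK="${ALERT_NETMASK:-255.255.255.0}"
# Small pool of otherwise-unused addresses on the inside subnet (assumed).
ALERT_POOL="${ALERT_POOL:-192.168.1.250 192.168.1.251 192.168.1.252 192.168.1.253}"
ALERT_TO="${ALERT_TO:-admin@example.com}"    # assumed recipient
# DRY_RUN=1 prints the commands instead of running them.
DRY_RUN="${DRY_RUN:-1}"

# Number of addresses in the pool.
pool_size() {
    set -- $ALERT_POOL
    echo $#
}

# The n-th (1-based) address in the pool.
pool_nth() {
    idx=$1
    set -- $ALERT_POOL
    shift $(( idx - 1 ))
    echo "$1"
}

# Pick a pool address at random.  Two bytes from the kernel RNG are used
# rather than a time-seeded shell generator, since the point of the pool is
# that an attacker cannot guess which address the firewall will answer on.
pick_alert_addr() {
    size=$(pool_size)
    r=$(od -An -N2 -tu2 /dev/urandom | tr -d ' ')
    pool_nth $(( r % size + 1 ))
}

# OpenBSD ifconfig invocations to add and remove the temporary alias.
ifconfig_up_cmd() {
    echo "ifconfig $ALERT_IF inet $1 netmask $ALERT_NETMASK alias"
}
ifconfig_down_cmd() {
    echo "ifconfig $ALERT_IF inet $1 -alias"
}

# Run a command, or just show it in dry-run mode.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "+ $*"
    else
        "$@"
    fi
}

# Bring up a random alert address, send the warning, tear the address down.
# Returns the mailer's exit status; the alias is removed either way, so the
# firewall goes back to having no reachable IP address even if mail fails.
send_alert() {
    subject=$1
    body=$2
    addr=$(pick_alert_addr)
    run $(ifconfig_up_cmd "$addr") || return 1
    printf '%s\n' "$body" | run mail -s "$subject" "$ALERT_TO"
    status=$?
    run $(ifconfig_down_cmd "$addr")
    return $status
}

# Usage: DRY_RUN=0 sh alert.sh "subject" "body" on the firewall itself.
if [ $# -ge 2 ]; then
    send_alert "$1" "$2"
fi
```

While the alias is up the bridge host is reachable on that address, so the window should be kept to the length of one mail exchange, the pool addresses must not be in use elsewhere on the subnet, and a pf rule set that passes only outbound SMTP from the alias to the mail host and blocks everything inbound to it is the natural complement to this script.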
