[TriLUG] Drop and insert transparent firewall (OpenBSD)

Jim Ray jim at neuse.net
Sun May 2 11:55:50 EDT 2004


> This is sort of like what I had in mind, although for simplicity I'd
> probably just bring up a temporary IP address on the internal interface,
> and send the warning from there.  Unless that 3rd NIC was on a separate
> network (unlikely) then it probably wouldn't make much difference from a
> security standpoint if it were the NIC passing all of the traffic, or a
> different NIC on the same subnet.  As an added benefit (if you have
> enough addresses) you might bring up that NIC with a random IP address,
> from a small range of say 3 or 4, to make it a little harder to predict
> an address you'd be able to attach to that belongs to the firewall.
> 
> Snort for network ID and something like your hidden partition
> suggestion, or even Samhain or Tripwire would work well for local ID.
> It's just something we didn't go to the trouble to implement, given the
> box's complete lack of direct network accessibility.
> 
> Aaron S. Joyner
[Jim Ray sez:] dude...we need to get you over here for one of our special
topics/beer labs.



