[TriLUG] Drop and insert transparent firewall (OpenBSD)

Aaron S. Joyner aaron at joyner.ws
Mon May 3 07:16:26 EDT 2004


Jim Ray wrote:

>>This is sort of like what I had in mind, although for simplicity I'd
>>probably just bring up a temporary IP address on the internal interface,
>>and send the warning from there.  Unless that 3rd NIC was on a separate
>>network (unlikely) then it probably wouldn't make much difference from a
>>security standpoint if it were the NIC passing all of the traffic, or a
>>different NIC on the same subnet.  As an added benefit (if you have
>>enough addresses) you might bring up that NIC with a random IP address,
>>from a small range of say 3 or 4, to make it a little harder to predict
>>an address you'd be able to attach to that belongs to the firewall.
>>
>>Snort for network ID and something like your hidden partition
>>suggestion, or even Samhain or Tripwire would work well for local ID.
>>It's just something we didn't go to the trouble to implement, given the
>>box's complete lack of direct network accessibility.
>>
>>Aaron S. Joyner
>>
>[Jim Ray sez:] dude...we need to get you over here for one of our special
>topics/beer labs.
>
Well, you won't lure me in with the Beer, but you might try V8 Splash or 
Chocolate.  :)

Aaron S. Joyner


