[olug] firewall
Jon
thechunk at thechunk.dhs.org
Wed Jun 13 14:34:39 UTC 2001
I didn't know there was another Jon. Thanks very much, this is exactly what I was looking for. I guess as a follow-on, has anyone used any system tracking tools to make sure no system files were modified? I had my gateway taken over once and was all paranoid after that, but didn't finish acting on some of my initial premonitions. One consideration I had was to set up my box off the network, take a fingerprint, burn it to CD, and have my gateway check itself against the fingerprint each day and tell me what has been modified. I don't know if anyone else has done something like this.
-Jon W.
On Wed, Jun 13, 2001 at 09:20:24AM -0500, Jon Larsen wrote:
> Jon -
>
> I believe that any DENY entries are logged via syslog when using either
> ipchains or iptables.
>
> On the ipchains vs iptables debate - iptables uses "Stateful Firewalling"
> techniques (aka Stateful Inspection), not unlike the commercial package
> Firewall-1 (which runs on Solaris, Linux, Windows).
> Stateful inspection involves reviewing communication layer, application
> layer, and packet filtering as a whole to make decisions. It's a little
> bit stronger on gauging what items to take into account when responding to
> a packet.
>
> Phil can talk rings around me on the ipchains/iptables subject, so I won't
> try to bore you with my feeble attempt.
>
> Here is what I usually do once I have the designated firewall box up and
> both interfaces running.
>
> Get and install PMfirewall - very easy to set up and install, with a
> questionnaire type setup. Also comes with an uninstall if you wish to
> rerun the questionnaire. Setup scripts are easy to edit if needed.
>
> Install Logwatch - daily summary reports for the system. It'll show
> attempts on the system that it reads from the syslogs.
>
> (if you are really interested in getting lots of email, install LogCheck
> in addition to LogWatch - it'll do a once an hour check on your logs -
> handy for monitoring system activity for a day)
>
> Install Portsentry - A nice package that'll respond to portscans,
> connection attempts, etc. You can specify hosts to block, as well as
> hosts to ignore. There are several settings for portsentry.
>
> Jon L.
>
> PS - Now that I've posted again (for the first time in a long time),
> perhaps now we'll be able to tell both Jon members apart.
>
> PPS - Freshmeat http://freshmeat.net should have all the mentioned
> programs listed in their database.
>
> On Wed, 13 Jun 2001, Jon wrote:
>
> > Date: Wed, 13 Jun 2001 08:29:32 -0500
> > From: Jon <thechunk at thechunk.dhs.org>
> > Reply-To: olug at bstc.net
> > To: Olug Mailing List <olug at bstc.net>
> > Subject: [olug] firewall
> >
> > Does anyone use ipchains or iptables as a firewall? If you do, I have some quick questions.
> > How do you log addresses of people who attempt connections?
> > Is iptables easy to go to from ipchains? Is iptables superior to ipchains?
> >
> > Thanks
> > -Jon
>
> ----
> [ Jon Larsen, Net.Admin | CAS, Inc. ]
> [ jlarsen at cas-online.com | 10303 Crown Point Avenue ]
> [ 402.964.9998 x2075 | Omaha, NE 68134-1061 ]
> [ ICQ# 28192038 | http://www.cas-online.com ]
> [ Plain-Text Email Only! | ftp://ftp.cas-online.com ]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: olug-unsubscribe at bstc.net
> For additional commands, e-mail: olug-help at bstc.net
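The fingerprint-and-compare idea raised in the follow-up question, sketched as an added example that is not part of the original thread or any tool named in it. The function names, the JSON baseline format and the sample tree are assumptions made for illustration.

```python
import hashlib, json, os, stat, tempfile

def fingerprint(root):
    """Record SHA-256, permission bits and owner for every file under root."""
    entries = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                digest = "symlink:" + os.readlink(path)   # record target, don't follow
            elif stat.S_ISREG(st.st_mode):
                with open(path, "rb") as f:
                    digest = hashlib.sha256(f.read()).hexdigest()
            else:
                continue                                   # skip sockets, FIFOs, devices
            entries[os.path.relpath(path, root)] = {
                "sha256": digest, "mode": stat.S_IMODE(st.st_mode),
                "uid": st.st_uid, "gid": st.st_gid}
    return entries

def compare(baseline, current):
    """Return paths added, removed, or changed (content, mode or owner)."""
    both = set(baseline) & set(current)
    return {"added": sorted(set(current) - set(baseline)),
            "removed": sorted(set(baseline) - set(current)),
            "modified": sorted(p for p in both if baseline[p] != current[p])}

def demo():
    """Constructed sample tree standing in for the gateway's system files."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data, mode=0o644):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
            os.chmod(path, mode)
        write("bin/login", b"original binary", 0o755)
        write("etc/passwd", b"root:x:0:0::/root:/bin/sh\n")
        write("etc/motd", b"welcome\n")
        # JSON round trip stands in for writing the baseline to read-only media.
        baseline = json.loads(json.dumps(fingerprint(root)))
        write("bin/login", b"replaced binary", 0o755)      # content change
        os.chmod(os.path.join(root, "etc/passwd"), 0o666)  # permission-only change
        os.remove(os.path.join(root, "etc/motd"))          # deletion
        write("bin/extra", b"new file")                    # addition
        return compare(baseline, fingerprint(root))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A checker that lives on the monitored host can itself be altered by whoever altered the system files, so the interpreter and script are best run from the same read-only media as the baseline.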