[ale] DSL Data Points (Long and meandering)

Bob's ALE Mail transam at cavu.com
Tue Dec 19 14:04:02 EST 2000


Jeff,

> Bob -

> I'm curious - have you had occasion to evaluate Coyote Linux as an Internet
> firewall?  That's what I'm using for firewall/NAT on my DSL connection at
> home and while I feel OK about it, the lack of a cogent description about
> what it does and doesn't do kind of worries me.

I only trust what is specified and even then I prefer open source.

I'm not familiar with Coyote Linux.  Most firewalls only have the
equivalent to IP Chains and possibly a few additional things like
blocking TCP Half-Open and the Ping of Death.  Beware of even the
largest firewall/router vendors lying about their products' capability;
I've seen it with my own eyes.  Read the fine print!  Any Linux system
built in the last three years or so is immune to these.

If you specify that the firewall's Linux kernel reassemble fragmented
packets, even corrupt packets like the Ping of Death will not be passed
on to systems beyond the firewall.  This will not protect vulnerable
Windows systems behind the firewall from TCP Half-Open, though.

If you use Linux servers and only allow Windows boxes behind the
firewall to initiate http, https, ftp, pop3 (preferably pop3s), and
possibly smtp, and not to be servers accessible from the Internet, then
you're pretty safe.  The Windows boxes still would be vulnerable to
content attacks such as ILOVEYOU.

Having a Linux box with a sendmail daemon to accept corporate email can
block specific content viruses if programmed, though this is not a good
solution.  Snort can detect most of them in NEAR real time and log them.
Real time scanning of the log file can trigger the addition of an IP Chain
rule to block the source from further attacks and alert Admins, possibly
in time to stop the user from opening the email.  In the near future,
some email viruses may not require any action at all on the part of the
recipient.

The most recent versions of Sendmail could be hacked in a day or so to
block undesirable attachments such as VBS; I don't know of an open source
solution for this at this time.

> - Jeff

Bob Toxen
bob at cavu.com
transam at cavu.com                       [Bob's ALE Bulk email]
http://www.cavu.com
http://www.realworldlinuxsecurity.com/ [My new book: Real World Linux Security]
http://www.cavu.com/sunset.html        [Sunset Computer]
Fly-By-Day Consulting, Inc.      "Don't go with a fly-by-night outfit!"
Quality Linux & UNIX security and software consulting since 1990.
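The outbound-only service policy, kernel fragment reassembly and Snort-alert-driven blocking described in the message above, as an added example that is not part of the original post and not code from any product it mentions: a POSIX sh script for a 2.2-kernel/ipchains firewall. The interface name, the LAN and mail-relay addresses, and the Snort-style alert sample are constructed assumptions; ipchains is only invoked when APPLY=1 is set, otherwise each command is printed, so the policy can be reviewed on any machine.

```shell
#!/bin/sh
# Added example (not from the post): ipchains-era firewall policy plus a
# helper that turns Snort alert lines into ipchains block rules.
# Addresses, interface and alert sample below are constructed assumptions.
#
# run() prints every command and executes it only when APPLY=1, so the
# script can be reviewed (or tested) on a box without ipchains.

LAN_NET="192.168.1.0/24"    # assumed internal network holding the Windows boxes
LAN_PREFIX="192.168.1."     # same network, as a prefix for the alert filter
EXT_IF="eth0"               # assumed Internet-facing interface
MAIL_HOST="192.168.1.10"    # assumed Linux sendmail relay (routable address assumed)

run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Have the 2.2 kernel reassemble fragments before forwarding, so malformed
# fragment trains (Ping of Death style) are dropped here, not passed on.
enable_defrag() {
    run sh -c 'echo 1 > /proc/sys/net/ipv4/ip_always_defrag'
}

# New connections (SYN) arriving from the Internet: only SMTP to the mail
# relay; every other inbound SYN is denied and logged.
ingress_policy() {
    run ipchains -A input -i "$EXT_IF" -p tcp -d "$MAIL_HOST" 25 -y -j ACCEPT
    run ipchains -A input -i "$EXT_IF" -p tcp -y -j DENY -l
}

# Default deny on the forward chain, then allow only LAN-initiated sessions
# to the listed ports (http, https, ftp control, pop3, pop3s, smtp) and the
# non-SYN replies to them. Use -j MASQ instead of ACCEPT on the outbound
# rule if this box is also the masquerading NAT router; FTP data channels
# then additionally need the ip_masq_ftp helper.
egress_policy() {
    run ipchains -P forward DENY
    run ipchains -F forward
    for port in 80 443 21 110 995 25; do
        run ipchains -A forward -p tcp -s "$LAN_NET" -d 0.0.0.0/0 "$port" -j ACCEPT
        run ipchains -A forward -p tcp -s 0.0.0.0/0 "$port" -d "$LAN_NET" ! -y -j ACCEPT
    done
    run ipchains -A forward -j DENY -l
}

# Constructed Snort-style alert text; only the "src:port -> dst:port" lines
# matter here. 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges
# standing in for Internet hosts.
SAMPLE_ALERTS='[**] example alert 1 [**]
12/19-14:04:02.123456 203.0.113.9:4321 -> 192.168.1.10:25
[**] example alert 2 [**]
12/19-14:05:10.000000 198.51.100.7:1111 -> 192.168.1.10:25
12/19-14:05:11.000000 192.168.1.5:2222 -> 198.51.100.7:80
12/19-14:05:12.000000 203.0.113.9:4322 -> 192.168.1.10:25'

# Print each distinct external source address found in alert text on stdin.
# LAN sources are skipped so a spoofed or merely noisy internal address can
# never get the LAN itself blocked by the automation.
alert_sources() {
    awk -v lan="$LAN_PREFIX" '
        $3 == "->" { split($2, src, ":"); if (index(src[1], lan) != 1) print src[1] }
    ' | sort -u
}

# Insert a logging DENY at the head of the input chain for each offender.
block_sources() {
    for ip in $(alert_sources); do
        run ipchains -I input 1 -s "$ip" -j DENY -l
    done
}

# Stand-alone: print (or, with APPLY=1, apply) the policy, then react to
# the sample alerts.
enable_defrag
ingress_policy
egress_policy
printf '%s\n' "$SAMPLE_ALERTS" | block_sources
```

In practice the alert-to-rule step would be fed from a tail of Snort's alert file rather than a fixed sample. Because any automation that blocks on alert content can be turned against legitimate addresses by an attacker who sends traffic with forged sources, the skip-LAN filter should be extended to a whitelist of partners and DNS servers, and rules inserted this way should expire rather than accumulate forever.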