
ot: ultimate in firewall security :)

a machine that i put in at a friend's office for his firewall i think
epitomizes the perfect firewall, although not by design.

you see, this machine has a problem.  i haven't managed to isolate it
other than it isn't the ram nor the hard drive nor the hard drive controller on
the mainboard (but past that i really haven't tried, honestly; i don't see
the need at the moment).

the box in question does NAT/iptables/network traffic perfectly, it
just loses the ability to talk to the hard drive... at all.  this box
previously was running as a stand-alone webserver on rh7.3.  it would
work great for about a week and a half and then it would stop serving
pages.  you could ping it, and you could connect to ssh, but your
connection would never bring up a prompt.  as an experiment i let it
sit in this shape for 3 weeks (the site was hardly getting any
traffic and the owner of the site was curious as well).  it never did
recover; i couldn't even do a local login, and the moment you did log in
locally that vterm would no longer be responsive to the system.  if
you had a remote ssh session open to it when it stopped playing nice
with the hard drive, the session would keep going but it wouldn't be
interactive unless you were already in an application and that
application did not need to touch the disk in any way.  i set up a cron
job to reboot it once a week, sort of a band-aid, but it worked and the
owner of the box didn't want to replace it as long as the band-aid
worked.

the website got moved to a more permanent hosting machine somewhere
else and the box got retired and stuck under a table in a friend's
office.  this friend had been using a netgear rt311 as his "firewall"
for quite a while.  since he had the extra machine now i talked him
into using it as his firewall and dropping the rt311 since another
office in the same building was needing a router of some form (and he
owed them a favor).

i put fc3 on the box, set up NAT and iptables, and watched it go.
within 15 minutes of boot i could no longer ssh into the box.  local
login attempts also failed.  i would guess that something that changed from
the 2.4 to the 2.6 kernel accelerated the hard drive loss.  NAT still
works perfectly.  you can still ping the box.  i have checked the logs
a couple of times and don't see any errors pertaining to the hard drive
(not that i truthfully expected any).  no error message ever pops up
on the screen like one would expect with a hard drive failure.  the hard
drive works perfectly in another machine (and this behavior was going
on with a different hard drive as well, which also works perfectly in
another machine).  i tried a pci hard drive controller and got the
same behavior.  so now, 15 minutes after it boots, the machine pretty
much can't be logged into locally or remotely by anything.  the only
listening service is ssh, so pretty much unless there is a remote hole
in ssh that isn't patched this box should be completely resistant to
being rooted (and even if there is, depending upon what kind of
exploit they attempted and what they attempted to get the box to do,
it still has a pretty high chance of failure).  all because of some
kind of weird hardware issue :)

just thought you guys would get a kick out of that machine

Casey
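The weekly cron reboot described in the post above is an unconditional band-aid. As an added example (not part of Casey's post or his setup), here is a small watchdog that a cron entry could run every few minutes instead: it probes the disk with a short synchronous write under a time limit, and only forces a reboot when the disk has actually stopped answering. The directory path, the timeout values and the `--watchdog` flag are assumptions for this example.

```bash
#!/bin/sh
# Added example, not from the original post: conditional reboot watchdog for a
# box whose network stack keeps working after the disk goes silent.
#
# Assumed cron entry (path is a placeholder):
#   */5 * * * * /usr/local/sbin/disk-watchdog --watchdog

# disk_responsive DIR SECONDS
# Returns 0 if a small synchronous write under DIR completes within SECONDS,
# 1 otherwise. The write runs in a background subshell so that a hung disk
# cannot hang the watchdog itself.
disk_responsive() {
    dir=$1
    limit=$2
    probe="$dir/.watchdog-probe.$$"

    ( printf 'probe\n' > "$probe" && sync ) 2>/dev/null &
    pid=$!

    waited=0
    while kill -0 "$pid" 2>/dev/null; do
        if [ "$waited" -ge "$limit" ]; then
            # Probe is still stuck after the limit: treat the disk as dead.
            # (A process blocked in disk I/O may ignore the kill; that is fine,
            # we are about to reboot anyway.)
            kill "$pid" 2>/dev/null
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done

    # Probe finished: collect its exit status (non-zero means the write failed).
    if wait "$pid"; then
        rc=0
    else
        rc=1
    fi
    rm -f "$probe" 2>/dev/null
    return $rc
}

# Only act when invoked by cron with the assumed flag, so sourcing this file
# for testing never reboots anything.
if [ "${1:-}" = "--watchdog" ]; then
    # Assumed probe location: any directory on the disk that goes missing.
    if ! disk_responsive /var/tmp 30; then
        # No logging here: writing to syslog would need the same dead disk.
        # -f skips the orderly shutdown, which would also block on disk I/O.
        /sbin/reboot -f
    fi
fi
```

This only helps as long as cron can still exec the script once the disk is gone, which the post suggests is not guaranteed (local logins stopped working too); the unconditional weekly reboot in the post sidesteps that question by never needing to read anything at the moment of failure.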
