Ultimate Lead boxen
Results 1 to 8 of 8

Thread: Ultimate Lead boxen

  1. #1
    Junior Member
    Join Date
    Oct 2003
    Posts
    18

    Ultimate Lead boxen

    I want to place a security box outside of my router to the outside(internet)......On this box, I should have an IDS/Firewall/TrafficGrapher/TarPit....Of course it will be running linux...........But my problem is selecting software to use for this purpose. It will be under moderate loads(30-50k) @ all times........Any ideas for what to use and/or what I should put on the box?

    Specs:
    2x300p2(dual proc)
    256 mb ram
    9 raid 5 scsi

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Dumb question but why outside of your lan??

    And what exactly is this box's purpose?? Based on the items you've chosen, it sounds like a honeypot or IDS/Firewall (generally, it's preferable to separate services so single box for IDS, single box for firewall, etc.)

    My preferences (if it were me):

    IDS: Snort
    Firewall: iptables
    TrafficGrapher: tcpdump with an interface created in php or something like that
    Tarpit: LaBrea.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Junior Member
    Join Date
    Aug 2002
    Posts
    24
    i dont get the idea, you already have a router..what for the box you put outside ? As i know , if we dont have a router, we can use a computer as a router.
    May be someone could make more comprehensive explaination about it ?

  4. #4
    Junior Member
    Join Date
    Oct 2003
    Posts
    18

    clarification of layout of network

    Well this is how information will route into the network.........the connection to the Internet is coming off the provider's transmission medium.......then it will hit the ultimate boxen(security).........then it will hit another box for traffic shaping(Pentium 4), then it will hit a simple cheap router(Cisco 2500).........then the computers will attach to the router for DHCP, etc.......The design will be mainly of M&M security(hard outside, chewy inside).......

  5. #5
    Senior Member
    Join Date
    Apr 2002
    Posts
    634
    Forgetting to protect strongly your inside will probably lead you to problems, but it is not directly related to your question. I agree totally to what MsMittens said, you should use one box for your firewall/traffic grapher and another one for your IDS. This second box could be deeper in your network since you can already watch a lot of information with your first box, and since you should be more frightened about what enter than about what is blocked (even if monitoring what is blocked give a lot of useful informations also). This solution would also curb down possibilities of ttl based tricks in TCP packets.
    Life is boring. Play NetHack... --more--

  6. #6
    Banned
    Join Date
    May 2003
    Posts
    1,004
    As you desire to use Linux, I suggest SE-Linux. While it is true that other more secure Linux solutions exist, this is the best free one.

    http://www.antionline.com/showthread...590#post674590

    catch

  7. #7
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    I'd move the IDS to the Pentium 4 box ("traffic shaping"), otherwise it will pick up ALL traffic external to you and what doesn't necessarily go to you. The IDS is the "burgalar alarm" when someone breaks into your network, after they've gone past the firewall.

    Otherwise, sounds like an interesting setup.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  8. #8
    Senior Member
    Join Date
    Sep 2003
    Posts
    156
    I agree with what MsMittens suggests in terms of software, but IMHO I would use MRTG for a traffic grapher rather than tcpdump. Although I've never used tcpdump before, I know MRTG is built specifically for graphing trends such as bandwidth. I'm not sure if tcpdump can do this.

    MRTG

    it's available for *nix and Windoze


    just my $.02
    t.e.k.n.o.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •