By: Da Sissop
Date: 5/10/00 11:20:07 AM
# Replies: 13
So yesterday I bought an intrusion-detection software package known as BlackICE (yoohoo, Cleotis? ring any bells?).
See, I was reading an article on security for your always-on internet connections (DSL, cable modems, whatnot), and I figured, what the heck, this looks like a pretty cool program for 40 bucks. So I bought it and downloaded it.
I'm not kidding, within five minutes of installing it, it reported to me that one of my wt.net neighbors was probing my machine for the presence of the "BackOrifice" hakkur-trojan-thingy. This is labeled as a "serious event" in BlackICE parlance.
I've had 3 other "serious" events logged in less than 24 hours, and a few *dozen* more "suspicious events"... mostly UDP port probes. I had no idea how often my machine would be under scrutiny.
Fun Fact: When I fire up my Half-Life game and it updates the internet server list, I get another dozen or so UDP port probes each time.
Response #1
By: Homer The Brave
Date: 5/10/00 8:54:46 PM
Your Neighbors Are Watching You
Response #2
By: Ralf
Date: 5/11/00 5:42:14 AM
Not Big Brother. Erm... Big Uncle?
Response #3
By: Homer The Brave
Date: 5/11/00 3:12:20 PM
Big Al.
Response #4
By: Ralf
Date: 5/12/00 6:17:26 AM
I like it! Big Al is the new mascot for meddling neighbors and local peeping toms.
I see a yellow T-shirt, with Big Al on the front: leaning his elbow out of the window of a passing car, winking conspiratorially at you as if to say "Yeah, I KNOW what you're up to!". He's a stubbly-faced man, 50-ish, black thatch of unkempt hair, an unlit cigar stub screwed into one corner of his mouth. He's got a pair of high-power binoculars hanging from a strap around his neck, a camera with a telephoto lens hanging next to 'em, and a Secret-Service style hearing aid poked into one greasy ear.
Kind of the Santa Claus of Surveillance.
Response #5
By: sooz
Date: 5/12/00 7:50:45 AM
Where'd you get this nifty thing, Fang?
Response #6
By: Da Sissop
Date: 5/12/00 9:52:22 PM
From this website right here. http://www.networkice.com/
Response #7
By: The Professor
Date: 6/20/00 8:50:54 PM
I've been thinking of making the upgrade to DSL. I thought about building a Linux box that would act as a firewall and do IP masquerading (so all the PCs could share the net access).
Has anyone done this or something similar? I've seen a dozen programs that do probes so I know there are a lot of wannabe hakkerz out there wanting to get my Quicken files.
(if they would only ask - I'd tell them that I have a balance of $5.82 in my account)
TP
Response #8
By: The Sorcerer
Date: 6/20/00 9:57:34 PM
There are good HOW-TOs all over the place on Linux firewalls and proxies. NetMax makes a stripped-down Firewall-in-a-box Linux distribution that is supposed to be very simple to set up and manage via GUI.
I was going to use that on my DSL but it came down to a matter of already having a Cisco 2514 router, but not having a spare 486 to put a Linux firewall on. So I'm using the 2514 as my firewall, implementing NAT and some access lists to do filtering and to direct traffic from the outside world to different machines on my home network depending on what the traffic is. I.E. pointing a browser at my external address connects you to my webserver, pointing ftp at the same address connects you to my data/ftp server, and so on.
When I first put my machines on DSL (without firewall) my security logs were showing dozens upon dozens of probes and attempted break-ins a day! (Some people have WAY too much time on their hands.) Haven't had hardly a blip since putting in the firewall.
Sorc'(Rev)
Response #9
By: Ralf
Date: 6/21/00 6:23:32 AM
You can get hardware firewalls for $139.
I'm using the CNet 904B and am pretty pleased with it. Plus, it acts as a 5-port 100MB hub, and lets all the machines on my network share the cablemodem.
Plug and play, baby!
Response #10
By: The Professor
Date: 6/21/00 8:25:52 PM
Where is a good place to look for one of those CNet firewalls?
Response #11
By: Ralf
Date: 6/22/00 6:10:24 AM
I got mine from Buy.com.
But the price went up! They're now $163. Interesting... wonder if there's been a run on them?
Response #12
By: The Professor
Date: 6/22/00 7:35:22 AM
Wow. I checked the specs and it seems like it would work for me. Is it configurable by a telnet session or http session?
Response #13
By: Ralf
Date: 6/22/00 12:00:29 PM
HTTP. It's got a little tiny ROM-based web server with a couple of hard-coded pages you access via HTTP.
Totally configurable, too: expose ports on a case-by-case basis, or put a machine in the DMZ for network gaming. That's how I play Half-Life. :-)