Angelo Bertolli wrote:
> Russell L. Harris wrote:
>
>> My LAN is protected by a machine running SmoothWall Express 2.0,
>> acting as a firewall and router. Would an internal firewall package be
>> useful in this environment?
>>
> As someone mentioned Linux already has an internal firewall.

Or rather, a DoD-grade TCP/IP stack secure enough to be trusted as part of a firewall system. It sounds like Mr. Harris is already taking advantage of this with his smoothwall box.

> Depending on the state of your machine, once there is a root compromise,
> there is only one or two sure-fire ways to see if you're a zombie.

You missed the obvious one: fdisk, format, reinstall, restore known-good backup. This, of course, assumes the victim is following best practices, thus has a recent, working backup.

> 1) Set up a brand new intermediate machine that captures all network
> traffic from the machine you're questioning and see what it's doing.

I'm not sure I'd trust a machine thought to be compromised even that much, but I'm paranoid.

> 2) If you have a hash of all the files (like tripwire provides) on some
> media that was NOT compromised, you can check those.

tripwire is a good way to keep track of this. The upstream maintainer also sells similar software that lets you have more than one baseline and a neato web-based GUI to manage it with.