Captain Crunch's New Boxes, Part II

timothy posted more than 12 years ago | from the whistle-whistle dept.

Security 423

micsaund writes: "It looks like the infamous Captain Crunch has been toiling away for 3 years on a firewall now known as the Crunchbox. It runs OpenBSD and is administered via a web-based interface. Steve Wozniak is quoted as saying it's 'next to un-crackable.' Check it out at ShopIP. The Register also has an article on it. As an aside, since the Linux Router Project (LRP) appears to have been sold-out and GnatBox is a tad expensive, is anyone aware of some kind of 'packaged' firewall with a slick interface available for free?" We mentioned Draper's venture into firewalls last year, but there's been some progress since then.

first fist (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3103235)

first fist is when you fist someone first in quake 3 arena

Dear Professor Linux... (-1, Troll)

Anonymous Coward | more than 12 years ago | (#3103306)

Dear Professor Linux,

How can I avoid soiling myself every time I hear wee French described as "cheese-eating surrender monkeys"?

Anxiously,
Francois P.

OPENBSD!@##!@@#! (-1)

RoboTroll (560160) | more than 12 years ago | (#3103242)

Sep 21, 1998 23:10 from Nicole Mannino
on the bash shell, how do i get irc to work under window? i tried -d'ing it,but that didn't work like it said it would. :(
[Unix And Networking> msg #100312 (17 remaining)] Read cmd ->
Sep 21, 1998 23:28 from Ritcshie
Is the probl
em that Irc(II?) doesn't understand your (X-)term type?
[Unix And Networking> msg #100313 (16 remaining)] Read cmd ->
Sep 21, 1998 23:29 from Nicole Mannino
well, without the -d it irc can;t display on window, but it works with it,except that it's kinda fucked up. not like lynx is fucked up on window, butstill not good
[Unix And Networking> msg #100314 (15 remaining)] Read cmd ->
Sep 21, 1998 23:36 from Nicole Mannino
oh yeah, i'm using osf1, if that helps.
[Unix And Networking> msg #100315 (14 remaining)] Read cmd ->
Sep 21, 1998 23:37 from Timothy McVeighnicole>
that's just an example of hwat an inferior os osf1 is. bust out the openBSD,they got a port for you, and window will work fine.
[Unix And Networking> msg #100316 (3 remaining)] Read cmd ->
Sep 21, 1998 23:39 from Ritcshie
Perhaps installing a new operating system isn't an option.
[Unix And Networking> msg #100317 (2 remaining)] Read cmd ->
Sep 21, 1998 23:43 from Timothy McVeigh
perhaps the fact that she chose a retard os over an 3l33t one like openBSD (askcisco) say that inctalling a new os isn't an option cause she's too dumb.
[Unix And Networking> msg #100318 (1 remaining)] Read cmd ->
Sep 21, 1998 23:45 from ImperialTimothy McVeigh>
Your posts are making no fucking sense at all. How could she install anew OS on a machine that isn't hers?[Unix And Networking> msg #100319 (0 remaining)] Read cmd ->
Sep 21, 1998 23:47 from Timothy McVeighimperial>
uh, it is her machine.[Unix And Networking> msg #100320 (1 remaining)] Read cmd ->
Sep 21, 1998 23:50 from Ritcshie
Oh, Christ. Can't you just _shut up_ about which goddamn unix OS is moregoddamn 3l33t than another? What's important is that it ain't M$. Beyondthat, why not try being _helpful_, instead of an _asshole_?
[Unix And Networking> msg #100321 (0 remaining)] Read cmd ->
Sep 21, 1998 23:53 from Timothy McVeighi AM
being helpful, the world wouldn't be such a horrible place to live in ifwe opened peoples eyes to the light of openBSD. try reading nfo, and you'dsee what i mean, this forum is for the advocacy and upholding of openbsd ONLY.
it's th3 k-r4dd3st 0S in the w0rld. and i don't know how you and imperial canbe in love with nicole when she doesn't run openBSD, simple as that.[Unix And Networking> msg #100322 (1 remaining)] Read cmd ->
Sep 21, 1998 23:56 from Dreamslayer (Forum Moderator)Enough. Stop it already. Please note the 'no flame' rule in the nfo.[Unix And Networking> msg #100323 (0 remaining)] Read cmd ->
Sep 22, 1998 00:08 from Nicole Mannino
www.pitt.edu/~nimst3/sajkfks
d.jpg is what i'm talking about when i say window..
[Unix And Networking> msg #100324 (5 remaining)] Read cmd ->
Sep 22, 1998 00:12 from Timothy McVeigh
www.openbsd.org is what i'm talking about when i say get a real VB c0d3rz OS.[Unix And Networking> msg #100325 (0 remaining)] Read cmd ->
Sep 22, 1998 00:15 from Automata
people: timothy mcveigh and friends are just trolling. please give it up andignore them. this very message is enough to give satisfaction to their anticsand self-validation. but please, avoid temptation and let's try and keep thediscussion meaningful and helpful.
[Unix And Networking> msg #100326 (1 remaining)] Read cmd ->
Sep 22, 1998 00:18 from Timothy McVeigh
automata: hush. just because you weren't elite enough to get on the b33tl3_bsdmailing list because you turned down the test drive doesn't mean you have totake your anger out on good people like me and dustin.
[Unix And Networking> msg #100327 (0 remaining)] Read cmd ->
Sep 22, 1998 00:26 from Zaphod Beeblebrox
Alright, this is just a quickie, and hopefully I won't be bashed for runningLinux instead of the 33l33t BSD, but here goes:
I'm trying to install the enlightenment window manager (RedHat 4.2, 2.0.30kernel), and I can't get th
e ImageMagick package installed. Here's the gccline it's puking on:
gcc -g -02 -o combine combine.o magick/.libs/libmagick.a -L/usr/local/lib -lX11-lm -L/usr/local/lib -lX11 -lm
... and here's the error:
ld: cannot open -lX11: No such file or directory
Obviously I'm no gcc expert, but just looking at the man page seems to tell methat the command line is okay. Ideas?
[Unix And Networking> msg #100328 (1 remaining)] Read cmd ->
Sep 22, 1998 00:31 from Timothy McVeigh
well, you know the obvious answer, the choice of VB c0d3rz round the world.or you could downgrade your kernel, it won't work with the 2.x.xx kernels.[Unix And Networking> msg #100329 (0 remaining)] Read cmd ->
Sep 22, 1998 00:38 from SexyFetusI'd just like to say that Nicole Mannino is one hot peice of ass![Unix And Networking> msg #100330 (0 remaining)] Read cmd ->
Sep 22, 1998 00:38 from KawasakiI take a 6 mos hiatas (spl) from the room, and I come back and we got 3l33t\/\/annabe mofos running around thinking they are god? Cmon.... Assholes> isdonw the hall, and on another BBS.
Knock it off and post somethin
g useful.I dont care how elite you think you are - youre being an asshole.
Now...any chance someone with NS3.2 or 3.3 could compile something for me?Its not that large... thanks :)[Unix And Networking> msg #100331 (1 remaining)] Read cmd ->
Sep 22, 1998 00:41 from Timothy McVeighlook, i am 3l33t.lump it or leave it.[Unix And Networking> msg #100332 (0 remaining)] Read cmd ->
Sep 22, 1998 00:42 from KawasakiYer a dumbshit, and you arent contributing a hill of beans to the room.[Unix And Networking> msg #100333 (2 remaining)] Read cmd ->

Troll 93 of 99 from the annals of the Troll Library [slashdot.org] .

Just make sure (5, Funny)

javaaddikt (385701) | more than 12 years ago | (#3103244)

that you don't have a modem in your crunchbox
:)

If you send it an MP3 of the correct frequency (3, Funny)

Twister002 (537605) | more than 12 years ago | (#3103252)

Can you get into it?

Timothy (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3103248)

I'm surprised he posted this story, since it doesn't involve MIT or a fucking Teddy Bear. Hey, I got an idea, why don't some of you MIT boys get around to stuffing a firewall into Timothy, rather than a switch into a Teddy Bear? For that, I would subscribe to Slashdot to see.

Re:Timothy (1, Redundant)

MisterBlister (539957) | more than 12 years ago | (#3103258)

me too.

Re:Timothy (0)

Anonymous Coward | more than 12 years ago | (#3103271)

Or how about we surgically transform Timothy some kind of a lobster-like creature?

That is wrong. (-1, Offtopic)

Mighty-Troll (549627) | more than 12 years ago | (#3103254)

EAT IT TIGERS. KU KICKS ASS! first ever 16-0 in the big 12. HAHHAhahaah.

Re:That is wrong. (-1)

trollercoaster (250101) | more than 12 years ago | (#3103465)


I concur with this post!

FUCK MIZZOU!

Re:That is wrong. (-1)

propstoalldeadhomiez (444303) | more than 12 years ago | (#3103495)

KU will choke in the big 12 tournament, don't worry.

Safe? (1, Flamebait)

spt (557979) | more than 12 years ago | (#3103256)

How many backdoors are there in it?

Re:Safe? (2)

MisterBlister (539957) | more than 12 years ago | (#3103307)

Just the one.

Re:Safe? (0)

Anonymous Coward | more than 12 years ago | (#3103342)

Well it's NOT based on linux, so it has a head start when it comes to security.

Free Firewall (3, Informative)

L053R (555186) | more than 12 years ago | (#3103257)

Check Out www.bbiagent.com cool, free, easy to use...

Smoothwall (4, Informative)

ViceClown (39698) | more than 12 years ago | (#3103259)

Installs in a snap, free download, stupendous interface, good support. I've used it for months now without a hiccup. Just my $0.02

Smoothwall [smoothwall.org]

Cheers :-)

Re:Smoothwall (5, Informative)

GSloop (165220) | more than 12 years ago | (#3103308)

I've never used smoothwall, and I haven't gotten any support, so I am giving "hearsay" here...

But, from what I gather, and I have done some searching, Dick (aka Richard Morrell) seems to have a few screws loose. From all accounts, he is cranky and sometimes more than downright nasty.

His product is FREE though, you should just don your asbestos suit should you go looking for support. (View a few IRC logs etc. to get a feel for how "Dick" seems to view newbies and/or non-paying customers.)

Frankly, I'd rather do some extra work myself, than deal with people who are unsociable.

All standard disclaimers, YMMV etc.

Cheers!

Re:Smoothwall (3, Informative)

xtremex (130532) | more than 12 years ago | (#3103388)

Dick Moran is an asshole. I once asked him on IRC how I can upgrade software on the firewall myself, I got flames to no end, and my IP banned from the IRC server.

Re:Smoothwall (5, Informative)

Anonymous Coward | more than 12 years ago | (#3103349)

Well, I'm glad that you had nice experiences, but the general consensus seems to be that good support is a rare thing from Smoothwall (hence IPCop.org, I guess). They certainly carve bold new directions for customer service! They'll swear at you, not answer emails, and not rarely answer specific questions (instead, cut-n-pastes are regular).

I'm not willing to post my emails between the developers, I, and other people in the company. I really don't want to be hassled by Smoothwall anymore. The funny thing is that I'm quite sure I'm unidentifiable in the masses of people who might say such a thing ;)

(and this comes from a paying customer of Smoothwall Corp. - not a freeloader).

I *strongly* recommend any other distro. I didn't think customer service mattered much until I found a bug in their product and wanted them to fix it.

Re:Smoothwall (4, Informative)

TellarHK (159748) | more than 12 years ago | (#3103467)

Yep, Morrell is definitely someone to watch out for. He threatens, harasses, and insults practically anyone that doesn't tell him Smoothwall's the greatest thing since using the GPL as a way to fork off to a commercial product after getting overenthusiastic community ego boosting.

He's gone so far as to make legal quasi-threats against me and other critics of his treatment of Smoothwall users. He's driven away enough developers that the IPCop project was formed and seems to have done quite a good job at proving themselves to have intentions of being more than just another forked project. IPCop [ipcop.org] has performed just wonderfully for me since my abandonment of Smoothwall.

For the morbidly curious, I have an archive of my emailing back and forth with Richard on this webpage [mac.com] .

Correct Smoothwall Archive URL (2)

TellarHK (159748) | more than 12 years ago | (#3103493)

My bad.

Here is the correct link. [mac.com]

OT: $0.02 (1, Funny)

emmons (94632) | more than 12 years ago | (#3103427)

I do believe that everyone who usually writes "just my $0.02" on slashdot should change their comment to something a bit more universally understood. Perhaps: "just my 4 pages" ?

Just my 4 pages.

LRP "sold out" ? (4, Informative)

maggard (5579) | more than 12 years ago | (#3103260)

How so? They took offerings from VA Linux?

The mailing list is active, there are any number of distributions though few on the latest kernels, all appears kosher if not frantically active.

Was there any reason for this possibly very damaging statement?

Re:LRP "sold out" ? (5, Informative)

slamb (119285) | more than 12 years ago | (#3103458)

The mailing list is active, there are any number of distributions though few on the latest kernels, all appears kosher if not frantically active.

Was there any reason for this possibly very damaging statement?

Yeah, because at the linked site [linuxrouter.org] :

  • There have been no releases since 0.9.8 on 12 Sep 2000 (a year and a half).
  • The only news since then has been three separate sponsors (Cyclades, VA, and Sangoma). It's not clear what the money is being used for.
  • The mailing list archives [linuxrouter.org] , give 404s on the -devel list. Only the users list seems to be active.
  • The "unstable" directory on the site contains only (besides the 0.9.8 release) a few kernel patches made to 2.2.19 in July of 2001.

On the other hand, this site [steinkuehler.net] seems quite active. I'm not sure what their relationship is.

Re:LRP "sold out" ? (0)

Anonymous Coward | more than 12 years ago | (#3103489)

You can't forget the harry browne for president 2000 banner.

FreeSCO (4, Informative)

groove10 (266295) | more than 12 years ago | (#3103261)

That's what I use on my little NAT/Gateway thing at home. Works like a champ. Web-based config + many other add-ons for this floppy distro. More put together than LRP IMHO. Check it out at: freeSCO.org [freesco.org] . The dicumentation is pretty good, although it may not be as secure as other distros.

Re:FreeSCO (1)

groove10 (266295) | more than 12 years ago | (#3103293)

I meant documentation... Should have previewed! Also check out picoBSD at: http://people.freebsd.org/~picobsd/picobsd.html [freebsd.org] . I've never used it but it appears to be a floppy distro of FreeBSD specific to firewalls / gateways / etc. Worth a look most likely.

Wozniak? (1, Troll)

HEbGb (6544) | more than 12 years ago | (#3103263)

Sorry, he's done some great things in the past, but what the hell does Steve Wozniak know about computer security?

Re:Wozniak? (0)

Anonymous Coward | more than 12 years ago | (#3103291)

Hell of a lot more than you ever will.

Consider that the topic involves more than just a discussion of i.p. spoofing.

Your concept of the total wouldn't make a pimple on Woz' butt....

Re:Wozniak? (1, Funny)

cscx (541332) | more than 12 years ago | (#3103323)

I can't really tell you, but I hear that the Woz knows a thing or two about putting toothpaste in the center of Oreo® cookies.

Re:Wozniak? (-1, Troll)

Anonymous Coward | more than 12 years ago | (#3103466)

>"I hear that the Woz knows a thing or two about putting toothpaste in the center of Oreo® cookies"

If you are suggesting that Woz has sodomized a Negro, I'll have you know that he did no such thing. Woz was sodomized *by* a Negro!

Who's more the troll? (-1, Troll)

Anonymous Coward | more than 12 years ago | (#3103475)

The troll or the troll who trolls him?

Sheesh.

Re:Who's more the troll? (0)

cscx (541332) | more than 12 years ago | (#3103499)

Who you callin' troll?

Read. Fifth paragraph down. [woz.org]

Re:Wozniak? (2, Insightful)

Drakin (415182) | more than 12 years ago | (#3103379)

He has the mentality for finding ways around security. Be it with technological gadgets, or otherwise.

It's a matter of not knowing how, but thinking of how it could be attacked. Security isn't just about plugging holes, it's about thinking about new holes that could be used.

LinuxMandrake SNF (3, Informative)

DCowern (182668) | more than 12 years ago | (#3103264)

Single Network Firewall... runs off of a 2.2 kernel, easy to set up, and runs off a "slick web based interface". You can download the ISOs for free off their website.

Some linkage:

Re:LinuxMandrake SNF (0)

Anonymous Coward | more than 12 years ago | (#3103344)

Ran into BIG problems with updating with this one...dropped it after blowing it up a few times and went to E-smith...

Re:LinuxMandrake SNF (2)

Yottabyte84 (217942) | more than 12 years ago | (#3103419)

Same problem here, and I can't get port forwarding to work right.

Re:LinuxMandrake SNF (1)

Perl-Pusher (555592) | more than 12 years ago | (#3103431)

I tried it, there's no support for a DMZ. So you can't use it to filter packets to your public servers and create a private LAN. I ended up using shorewall, a set of scripts that are pretty easy to configure. I liked the Mandrake SNF web interface, but it wasn't flexible enough to suit our needs.

People shouldn't say these things! (4, Funny)

jaavaaguru (261551) | more than 12 years ago | (#3103267)

next to un-crackable

What does Steve Wozniak have against Captain Crunch? we all know what happened to Oracle when they made similar claims.

Re:People shouldn't say these things! (0)

Anonymous Coward | more than 12 years ago | (#3103315)

Yeah, but oracle is a big complex piece of software.

this is a small simple firewall.

Leave the web interface only open to the inside, and there is really nothing left to exploit.
Perhaps some as yet undiscovered DoS against the NAT or networking, but that's about it.

Re:People shouldn't say these things! (1)

zaffir (546764) | more than 12 years ago | (#3103473)

A DoS isn't exactly cracking...

Re:People shouldn't say these things! (3, Insightful)

mark-t (151149) | more than 12 years ago | (#3103405)

Maybe, except he didn't say that it _IS_ uncrackable, only 'next-to-uncrackable'. I realize that some may consider this nitpicking, but it isn't, really. Any non-trivial piece of software has bugs, and Steve Wozniak knows that just as well as any of us. This sort of comment is likely Woz's way of expressing the high degree of confidence he has in the product without making any sort of claim that could very possibly be proven false next week.

slashdotted already?!?? (2, Informative)

kemster (532022) | more than 12 years ago | (#3103269)

Looks like it's /.'d already, so use the power of the google [google.com] .

Coyote Linux (4, Informative)

servoled (174239) | more than 12 years ago | (#3103270)

Not sure if this qualifies, but it is a neat little floppy disk distribution that does nat. Check it out at http://www.coyotelinux.com/ [coyotelinux.com] .

Re:Coyote Linux (1)

GuanoBoy (196948) | more than 12 years ago | (#3103352)

I've run my home network behind Coyote Linux as well as a 30+ node office (with servers behind it) for years and it's done a fantastic job. *and* all that off a floppy.

It takes minutes to download, install, and get running.

Re:Coyote Linux (0)

Anonymous Coward | more than 12 years ago | (#3103510)

I've been using Coyote since I got my cable modem about a year ago. Originally I had it on a Pentium 133 but then I migrated to a 486 that I took the hard drive and CD-ROM out of. It works great and now I'm using the Pentium 133 as a FreeBSD IMAP mail server, web server, NTP server, misc toy.

My home network has 5 PCs. I run VNC to home from work and a VPN the other way. No issues what-so-ever. Coyote is great.

JK

"The Day The Nazi Died" - Chumbawamba (-1)

Commienst (102745) | more than 12 years ago | (#3103274)

Band: Chumbawamba
Song: The Day The Nazi Died


We're taught that after the war the Nazis vanished without a trace
But battalions of fascists still dream of a master race
The history books they tell of their defeat in forty-five
But they all come out of the woodwork on the day the Nazi died
They say the prisoner of Spandau was a symbol of defeat
Whilst Hess remained imprisoned and the fascists they were beat
So the promise of an aryan world would never materialise
So why did they all come out of the woodwork on the day the Nazi died
The world is riddled with maggots--the maggots are getting fat
They're making a tasty meal of all the bosses and bureaucrats
They're taking over the board rooms and they're fat and full of pride
And they all came out of the woodwork on the day the Nazi died
So if you meet with these historians I'll tell you what to say
Tell them that the Nazis never really went away
They're out there burning houses down and peddling racist lies
And we'll never rest again until every Nazi dies

OK, I'll be the first to bite (1)

bferrell (253291) | more than 12 years ago | (#3103275)

Why do you say the LRP has been sold out?

Clarkconnect (5, Informative)

Anonymous Coward | more than 12 years ago | (#3103276)

I use clark connect for my firewall. It's linux based with a web admin, it displays usage reports, bandwidth graphs. Does nslookups and whois on people who try to hack you. Even displays "12.12.12.12 tried to use Code Red 2.0"
Also includes CUPS for printing. Samba for file sharing. OpenSSH and the web based admin uses ModSSL so it's all encrypted.

It's frickin awesome! Is built from Redhat 7.2 and accepts all Redhat 7.2 RPMS.

Re:Clarkconnect (1)

xtremex (130532) | more than 12 years ago | (#3103397)

I used to use ClarkConnect. But I wanted to make an old 486 w/ isa NICs into a gateway/firewall. It only supports PCI cards. (true, you can configure it to work with ISA's, but it's a pain in the ass)

tell him what you think... (0)

Anonymous Coward | more than 12 years ago | (#3103278)

icq #5310192
email crunch@webcrunchers.com

Re:tell him what you think... (2)

slithytove (73811) | more than 12 years ago | (#3103409)

:)

do you know him too?
he's a nice guy- goes to some of the same parties that I do.

~m

Free Firewall... (1, Informative)

Talez (468021) | more than 12 years ago | (#3103280)

Smoothwall [smoothwall.org] has been doing the job for me for ages... Only a 20 meg download for the ISO and you install the system off that... It's pretty cool!

Re:Free Firewall... (3, Interesting)

GSloop (165220) | more than 12 years ago | (#3103329)

Again, be wary of Dick (aka Richard Morrell).

From what I can gather, his attitude could use some serious positive adjustments.

He does provide a FREE fw, but it wouldn't excuse his behavior IMHO, should the IRC logs and such posted on the net turn out to be true.

Cheers!

Re:Free Firewall... (0)

Anonymous Coward | more than 12 years ago | (#3103343)

But if we all used programs based on the creator's attitudes, we probably wouldn't be using much on linux :P

from what i hear... (1)

jrs 1 (536357) | more than 12 years ago | (#3103281)

these machines will be given away in packets of cereal within the year ;) and you'll be able to access a trunk line with them!

Mmmm (0)

lobsterGun (415085) | more than 12 years ago | (#3103283)

Its Grrrrrreat!

... ohh sorry... wrong cereal.

Just wondering? (0)

Anonymous Coward | more than 12 years ago | (#3103288)

I was just at the lrp site and could find no indication of corporate money mongering or otherwise. What makes you say that they "sold out"?

Re:Just wondering? (-1)

I.T.R.A.R.K. (533627) | more than 12 years ago | (#3103341)

And then you'll come here, only to watch your page get lagged by the bigass Think Geek banner at the top. And the soon-to-be page-wide CNet style banner.
*shudder*
Did someone mention 'sold out'?

Snooze... (-1, Troll)

Anonymous Coward | more than 12 years ago | (#3103289)

Everything Unix [everythingunix.org] covered this a few days ago - you know, when it was news. :-D

Gnat box has a Free 5-user version (5, Informative)

young-earth (560521) | more than 12 years ago | (#3103292)

works great, easy to set up, floppy only, works on >= 486 machines. I've never seen it go below 98% idle on a 100MHz P5 with 5 hard-working machines filling a 768Kbps DSL line. You can pay $50 and get a DMZ added on to the free version, same price for a VPN license.

Download it from here [gnatbox.com] . This is a BSD based firewall, but no shell, nothing for a cracker to get onto it. Uses SSL web access (new in later versions) or a Winblows client for configuration.

Oh and one point that is heavily stressed in their marketing material - it's ICSA certified.

There is a small version for ~$750 street price that gives 25-user version with DMZ, no moving parts, runs off 12VDC.

Astaro Security Linux (4, Informative)

lethalp1mpslapper (238264) | more than 12 years ago | (#3103296)

This firewall is free for non-commercial use and has a web interface to boot. I've used this for some time now. It supports VPN, incoming/outgoing email virus scan, IP accounting and routing. It will even update itself on the fly if you want. Here is the link: Astaro Security Linux [astaro.com]

P.S. - I do not work for these guys, I am just impressed by what they offer.

I'd dare to say.. (2, Funny)

Dr. Nonsense (116117) | more than 12 years ago | (#3103304)

"I'd dare to say, next to uncrackable, is crackable."
Dr. Nonsense, cofounder of the Nonsense School of Journalism and PR.

www.coyotelinux.com (2)

mikeage (119105) | more than 12 years ago | (#3103305)

Not quite GPL'ed, but a nifty single-disk solution. I liked it better than LRP since it has built in support for PPPoE, important to us Verizon lusers.

Re:www.coyotelinux.com (0)

Anonymous Coward | more than 12 years ago | (#3103357)

IS there any gateway/firewall with PPPoA? (prominent here in NZ, unfortunately)

Re:www.coyotelinux.com (2)

elmegil (12001) | more than 12 years ago | (#3103380)

I'll second the recommendation. Been behind coyote since I got DSL 15 months ago. It's a wonderful thing (and I don't have to have a HD making noise & heat in the closet).

Re:www.coyotelinux.com (2)

SubtleNuance (184325) | more than 12 years ago | (#3103445)

Coyote Linux is a derivative of LRP. It *is* GPL (as it is really GNU/Linux (again, it is LRP)).

The (iirc) non-gpl part is the windows-based installer. But i think it is available gratis.

I've built CoyoteGNU/Linux routers for friends, would recommend it.

Uncrackable? (1)

nochops (522181) | more than 12 years ago | (#3103312)

Uncrackable, perhaps...
UnSlashdotable, hell no!
Burn, baby burn!

On another note, I wonder if a good slashdotting could be considered ddos in court?

In related news... (0)

Anonymous Coward | more than 12 years ago | (#3103316)

Quaker Oats Co. announced it has filed a cease-and-desist order against Captain Crunch for trademark violation. The suit also says that the project also violates the DMCA, somehow.

Does anybody even know what a firewall is? (0)

Anonymous Coward | more than 12 years ago | (#3103330)

A firewall isn't a "black-box" that you drop into your network. It's fully customized to your needs. Buying a "boxed" solution is total crap. If your admin thinks he can secure your network by buying a firewall and plugging it in, get a new admin. The guy securing your network should know how to build a custom firewall anyway (which is cheaper).

Snort (1)

Roast Beef (2298) | more than 12 years ago | (#3103331)

He spoke at UIUC [uiuc.edu] 's Reflections/Projections [uiuc.edu] conference last year, and he showed us a bit of the Crunchbox. As far as we could tell, it was essentially a box with snort running to drop packets from anyone who tried an attack. Secure, yes, but also overly paranoid for most systems. Also, it pulls the CVS snort rules daily, so that's a potential weakness. It looked like it allowed you to view changes to the rules, but you didn't have to approve them in any way. I wasn't impressed.

This can't be a sign of Impending Doom... but... (0)

cscx (541332) | more than 12 years ago | (#3103337)

No matter what the advertisers say, doesn't Captain Crunch go soggy in milk really quickly? :D

Mine doesn't work (2, Funny)

khuber (5664) | more than 12 years ago | (#3103346)

I blew real hard and couldn't get a tone out of
the damn thing.

-Kevin

prepared to be hacked (0)

Anonymous Coward | more than 12 years ago | (#3103347)

*linux as a router? ha ha ha ha ha ha

What the hell is wrong with you people? (2, Flamebait)

Wakko Warner (324) | more than 12 years ago | (#3103355)

is anyone aware of some kind of 'packaged' firewall with a slick interface available for free?

Yeah. It's called "stealing a copy of Firewall 1 from work". Sometimes you have to spend money for things.

- A.P.

Re:What the hell is wrong with you people? (2)

Yottabyte84 (217942) | more than 12 years ago | (#3103413)

Mandrake's one is free, but I don't recommend it. I've had problems with port forwarding, and upgrading the sucker is flaky. The interface is pretty tho.

freesco (2)

caffeineboy (44704) | more than 12 years ago | (#3103356)

When friends want to share a cable modem I usually go over to the local computer surplus sale and get 2 PCs that have NICs in them and a HDD and install freesco [freesco.org] .

It is based on an old kernel, and doesn't have socks so not everything will work, but it's easy to set up and even an idiot can use the web-based panel.

For a super low hassle setup I'd recommend it. It goes right onto an ex DOS PC, no re-formatting or anything.

IPCop (2, Informative)

cyroth (103888) | more than 12 years ago | (#3103358)

Give IPCop [ipcop.org] a go. Very similar to Smoothwall without the "attitude" that some people suffer from.

Re:IPCop (2, Informative)

freeio (527954) | more than 12 years ago | (#3103448)

IPCop is excellent for probably 90% of the firewall needs for individuals and small businesses. It is based on linux kernel 2.2.20 and ipchains. It is GPLed, has a quality web interface, and installs fast and easy. Furthermore, the user list is friendly and helpful. I downloaded the iso for it, wrote it to a cd, and then took about 15 minutes start to finish with the initial installation. After that, the fine tuning was handled over a very intuitive web interface. I would rate it a 9.5/10.

Lets not forget Arthur C. Clarke... (0)

Anonymous Coward | more than 12 years ago | (#3103370)

Steve Wozniak used to be a phone phreak...
that's how he and Steve Jobs got their initial capital for the Apple startup.

When one thinks of Arthur C. Clarke's rule that "when an elderly scientist says that something is possible, he is almost certainly correct: when an elderly scientist says that something is impossible, he is almost certainly wrong", I just get a little twitchy when Steve Wozniak claims that something is nearly uncrackable....

Re:Lets not forget Arthur C. Clarke... (0)

Anonymous Coward | more than 12 years ago | (#3103486)

When a dead author's quotes are used over and over and over, and they're not that good to begin with, it's time to move on with life.

SINCE WE'RE ON THE SUBJECT... (3, Interesting)

kir (583) | more than 12 years ago | (#3103372)

Fast, reliable, application level proxies - with the ability to log at different levels (and run on linux).

Where can these be found?

Both generic tcp/udp proxies and application aware "smart" proxies (i.e. H.323, NetMeeting, RealAudio, etc.). I know a lot of this functionality exists in the kernel, but I'd love to have proxies for those pesky protocols that decide on random high ports. If it could see and understand the "conversation", it could then, on the fly, proxy the appropriate (randomly selected) ports.

If I am completely missing something here (i.e. I'm a moron?!), let me know. I can take it. I think??

What about Bodacion's HYDRA? (0)

Anonymous Coward | more than 12 years ago | (#3103384)

http://www.bodaction.com

comments?

Bush and Blair nominated for Nobel Peace Prize (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3103390)

Yes, OT, but this is bizarre and silly. You have to do a little more than declare War on Terrorism to get a nobel peace prize. Here is a page about it:
http://www.eskimo.com/~cwj2/actions/bushblairnobel.html

Is nothing sacred??

I have a pretty tight setup.. (0)

Anonymous Coward | more than 12 years ago | (#3103391)

2wire connection share/firewall behind a linksys router behind a Raptor firewall behind a Configure-1 firewall behind a linux-based IPTABLES firewall.... I think I'll be okay.. how about you?

FloppyFW (0)

Anonymous Coward | more than 12 years ago | (#3103393)

FloppyFW [zelow.no], a linux distribution, has been featured on slashdot several times, and works very well. It fits on a 1.44 floppy and has many add-in modules including a DHCP and web server, as well as syslog. Versions on the 2.2 and 2.4 kernel, and active newsgroup support. Check it out.

Is a remotely updatable firewall a good thing? (4, Insightful)

gwernol (167574) | more than 12 years ago | (#3103406)

From the page at iShop.com:

The latest attack signature libraries can be automatically updated from a centralized source of the computer security community.

I am certainly not a security expert, but this seems like a potential weak point. If they can automatically change the rules the firewall uses, then in theory someone else could as well, if they cracked the update protocol.

Does anyone know how they protect these updates so that they can't be intercepted and broken?

Re:Is a remotely updatable firewall a good thing? (2)

buffy (8100) | more than 12 years ago | (#3103494)

I am certainly not a security expert, but this seems like a potential weak point. If they can automatically change the rules the firewall uses, then in theory someone else could as well, if they cracked the update protocol.

It all depends upon the security posture of your company. The same question can be made of outsourcing security services in general. Some companies are too small and/or do not have the internal expertise to properly manage an integrated solution, and rely on services and solutions from third party companies. In essence, you are putting the family jewels in someone else's hands.

So, allowing your firewall/ids to go out and fetch the latest ruleset may be OK if you're already willing to trust as it is.

Not saying that I don't consider it a problem--it's just something that has to be taken in check with your needs and resources.
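An added example on the update-integrity question raised in this sub-thread; it is not ShopIP's code, and the thread does not say how the product protects its updates. It sketches the checks a device can make before applying a fetched ruleset (authenticated manifest, digest match, refusal of replayed older versions). The function names, key and sample rule are hypothetical, and a shared-key HMAC stands in for the public-key signature a real vendor would more likely use so that devices hold no signing secret.

```python
import hashlib
import hmac
import json

class UpdateRejected(Exception):
    pass

def make_update(key: bytes, version: int, ruleset: bytes) -> dict:
    """Vendor side (hypothetical): bind version and ruleset digest under a MAC."""
    manifest = json.dumps(
        {"version": version, "sha256": hashlib.sha256(ruleset).hexdigest()},
        sort_keys=True,
    ).encode()
    tag = hmac.new(key, manifest, hashlib.sha256).hexdigest()
    return {"manifest": manifest, "tag": tag, "ruleset": ruleset}

def verify_update(key: bytes, installed_version: int, update: dict) -> int:
    """Device side: return the new version only if every check passes."""
    expected = hmac.new(key, update["manifest"], hashlib.sha256).hexdigest()
    # Constant-time comparison; authenticate the manifest before parsing it.
    if not hmac.compare_digest(expected, update["tag"]):
        raise UpdateRejected("manifest authentication failed")
    manifest = json.loads(update["manifest"])
    digest = hashlib.sha256(update["ruleset"]).hexdigest()
    if not hmac.compare_digest(digest, manifest["sha256"]):
        raise UpdateRejected("ruleset does not match manifest digest")
    # Anti-rollback: a replayed old (but validly authenticated) update is refused.
    if manifest["version"] <= installed_version:
        raise UpdateRejected("version is not newer than installed ruleset")
    return manifest["version"]

def check(key: bytes, installed_version: int, update: dict) -> str:
    try:
        return f"accepted v{verify_update(key, installed_version, update)}"
    except UpdateRejected as exc:
        return f"rejected: {exc}"

# Constructed sample data, not a real key or a real signature library.
DEVICE_KEY = b"constructed-demo-key-not-a-real-secret"
RULES_V7 = b"alert tcp any any -> any 80 (constructed sample rule)\n"

if __name__ == "__main__":
    good = make_update(DEVICE_KEY, 7, RULES_V7)
    tampered = dict(good, ruleset=RULES_V7 + b"(constructed extra line)\n")
    forged = make_update(b"some-other-key", 8, RULES_V7)
    for name, upd, installed in [("good", good, 6), ("tampered", tampered, 6),
                                 ("forged", forged, 6), ("replayed", good, 7)]:
        print(name, "->", check(DEVICE_KEY, installed, upd))
```

Transport encryption alone does not give these properties: the authentication has to cover the ruleset content and its version, or an intercepted old update can simply be served again.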

h4x0r3d? (2, Funny)

EchoMirage (29419) | more than 12 years ago | (#3103414)

Steve Wozniak is quoted as saying it's 'next to un-crackable.'

...and as soon as the story was posted, the screen read "j00've b33n h4x0r3d" and nature once again revealed its irony.

is it really that great? (1)

trelaneopn (563678) | more than 12 years ago | (#3103426)

the server is lagged as hell, if it cannot protect against the slashdot effect, the single greatest denial of service attack known to the internet... is it really worth all the money on the page I can't even access to buy it?

Coyote Linux (2)

mcrbids (148650) | more than 12 years ago | (#3103432)

Used it, like it. Typical "on a floppy" distro... check it out here [coyotelinux.com]. Comes w/SSH for remote support. Dunno about "Slick Interface" but for a CLI junkie like myself, it's cool.

It's a great way to make that ole' Packard Bell 486 come back to life!

Eh? OpenBSD is *easy* (2)

zulux (112259) | more than 12 years ago | (#3103438)

I hate to be a prat, but what's the point of adding a web-based interface to OpenBSD? The whole OS is damn easy to set up - the man pages are idiot proof and the documentation on installation is wonderful. There are some rough spots that look a bit difficult if you don't have OpenBSD's documentation on hand - so keep another computer nearby to browse the web and man pages.

Hints:
Buy the OpenBSD CD - they are bootable and support the project.
Learn a bit of VI beforehand for editing those text files - of course other editors are available but VI comes built in.

Other hints:
Trust Theo and his friends to get the operating system secure - not a has-been cracker cashing in on name recognition.

File systems (3, Funny)

Beowulf_Boy (239340) | more than 12 years ago | (#3103450)

I've tried several different types of Firewall distros. Coyote, Smoothwall, that Mandrake one, etc. I finally settled on Freesco, because it runs off the fat32 filesystem. All of the other ones are based on non-journaling Filesystems (Ext2). And my electric goes out quite frequently.

ClarkConnect is Easy and Free... (2, Informative)

Timodious (178572) | more than 12 years ago | (#3103468)

Please check out ClarkConnect [clarkconnect.org] ... it's a great little firewall based on RedHat 7.2. It gets regular updates, and has an active user community.

e-smith is just good for me (0)

Anonymous Coward | more than 12 years ago | (#3103480)

linux e-smith [e-smith.org]
Got a Free masquerade/firewall solution (SME Server V5)
Download [e-smith.org] and burn an autoboot CD and in 15 minutes you turn an old pentium into a fully featured home server/firewall box.
Can't tell about the security, but it's free and apparently well done.

Bastille Linux? (1)

outofoptions (199169) | more than 12 years ago | (#3103491)

OK. The interface isn't slick.

FWTK: Not a fancy interface... (4, Interesting)

tkrotchko (124118) | more than 12 years ago | (#3103492)

...but a solid firewall.

http://www.fwtk.org/main.html

There's still a lot of support and I believe an active mailing list.

I put one together 5 years ago, and the company I work for still uses it for their mailing host.

Interface? There is none. But it works pretty damned good if you're willing to spend 1 day understanding how it works.

Not a bad deal.

May I suggest IPCop (1)

brianc (11901) | more than 12 years ago | (#3103497)

http://www.ipcop.org/ [ipcop.org]

It started as a fork of SmoothWall (without [slashdot.org] the [heise.de] attitude) and has grown steadily since.

I encourage everyone to check it and the mailing lists [ipcop.org] out!

This article is a perfect example... (0, Flamebait)

talks_to_birds (2488) | more than 12 years ago | (#3103509)

...of just why /. does not deserve for one moment to be a subscription-based service.

"News for nerds..."

Check the byline on the article at the Reg®:

Woz blesses Captain Crunch's new box
By Andrew Orlowski in San Francisco
Posted: 27/02/2002 at 21:31 GMT

This f*cking article was up on the Reg® on the f*cking 27th of February!

In the world *I* live in, that was last Wednesday!

How the f*ck does this qualify as "news"?

Answer: it doesn't!

And this is the level of quality that we are now being asked to pay for!

Forget it!

This topic is *olds* -- and it's *real* typical of what passes for *news* here at /.

t_t_b
