Hi, Someone is port scanning every single port on my machine, here are a few examples. I run SuSE Linux 8.1, and the firewall is dropping most of the attempts. Apr 18 19:28:59 dev kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:01:02:15:4f:e5:00:09:b6:6b:84:8c:08:00 SRC=195.86.128.45 DST=81.99.191.85 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=3621 PROTO=TCP SPT=56637 DPT=17319 WINDOW=2048 RES=0x00 SYN URGP=0 Apr 18 19:28:59 dev kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:01:02:15:4f:e5:00:09:b6:6b:84:8c:08:00 SRC=195.86.128.45 DST=81.99.191.85 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=22532 PROTO=TCP SPT=56637 DPT=13501 WINDOW=2048 RES=0x00 SYN URGP=0 Is there anything I can easily do to stop it. Adam
On 18 Apr 2003 20:06:48 +0100
Adam Leach
Hi, Someone is port scanning every single port on my machine, here are a few examples. I run SuSE Linux 8.1, and the firewall is dropping most of the attempts.
Apr 18 19:28:59 dev kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:01:02:15:4f:e5:00:09:b6:6b:84:8c:08:00 SRC=195.86.128.45 DST=81.99.191.85 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=3621 PROTO=TCP SPT=56637 DPT=17319 WINDOW=2048 RES=0x00 SYN URGP=0
Apr 18 19:28:59 dev kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:01:02:15:4f:e5:00:09:b6:6b:84:8c:08:00 SRC=195.86.128.45 DST=81.99.191.85 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=22532 PROTO=TCP SPT=56637 DPT=13501 WINDOW=2048 RES=0x00 SYN URGP=0
Is there anything I can easily do to stop it. Close as many ports as you can. That's why I prefer an external dedicated firewall or NAT box. Some ISPs scan their customers to fine out if they are running servers or any other security breaches.
--
Jerry Feldman
On Friday 18 April 2003 21:06, Adam Leach wrote:
Hi, Someone is port scanning every single port on my machine, here are a few examples. I run SuSE Linux 8.1, and the firewall is dropping most of the attempts.
Apr 18 19:28:59 dev kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:01:02:15:4f:e5:00:09:b6:6b:84:8c:08:00 SRC=195.86.128.45 DST=81.99.191.85 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=3621 PROTO=TCP SPT=56637 DPT=17319 WINDOW=2048 RES=0x00 SYN URGP=0
Apr 18 19:28:59 dev kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:01:02:15:4f:e5:00:09:b6:6b:84:8c:08:00 SRC=195.86.128.45 DST=81.99.191.85 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=22532 PROTO=TCP SPT=56637 DPT=13501 WINDOW=2048 RES=0x00 SYN URGP=0
Is there anything I can easily do to stop it.
Probably not, if you don't know who "someone" is. Keep using your firewall and avoid having ports open. -- Ch
On Fri, 2003-04-18 at 12:15, Jerry Feldman wrote:
On 18 Apr 2003 20:06:48 +0100 Adam Leach
wrote: Hi, Someone is port scanning every single port on my machine, here are a few examples. I run SuSE Linux 8.1, and the firewall is dropping most of the attempts.
Apr 18 19:28:59 dev kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:01:02:15:4f:e5:00:09:b6:6b:84:8c:08:00 SRC=195.86.128.45 DST=81.99.191.85 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=3621 PROTO=TCP SPT=56637 DPT=17319 WINDOW=2048 RES=0x00 SYN URGP=0
Apr 18 19:28:59 dev kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:01:02:15:4f:e5:00:09:b6:6b:84:8c:08:00 SRC=195.86.128.45 DST=81.99.191.85 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=22532 PROTO=TCP SPT=56637 DPT=13501 WINDOW=2048 RES=0x00 SYN URGP=0
Is there anything I can easily do to stop it. Close as many ports as you can. That's why I prefer an external dedicated firewall or NAT box. Some ISPs scan their customers to fine out if they are running servers or any other security breaches.
Isn't this already being dropped? "SuSE-FW-DROP-DEFAULT" The source is from the Netherlands: host 195.86.128.45 45.128.86.195.in-addr.arpa. domain name pointer kes.wirehub.nl Although they seem to be hitting your high ports: DPT=17319 and: DPT=13501 quick Google did not find anything. Matt
Apr 18 19:28:59 dev kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:01:02:15:4f:e5:00:09:b6:6b:84:8c:08:00 SRC=195.86.128.45 DST=81.99.191.85 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=3621 PROTO=TCP SPT=56637 DPT=17319 WINDOW=2048 RES=0x00 SYN URGP=0
Apr 18 19:28:59 dev kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:01:02:15:4f:e5:00:09:b6:6b:84:8c:08:00 SRC=195.86.128.45 DST=81.99.191.85 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=22532 PROTO=TCP SPT=56637 DPT=13501 WINDOW=2048 RES=0x00 SYN URGP=0
Is there anything I can easily do to stop it.
Adam
May I suggest adding a drop rule for everything coming from that address range The following might work. iptables -N drop-and-log-it iptables -A drop-and-log-it -j LOG --log-level info iptables -A drop-and-log-it -j REJECT iptables -A INPUT -i eth0 -s 195.86.128.45 -j drop-and-log-it Also start watching for other addresses with the same pattern. Then do a lookup on that network address find out what block it's on and block the entire address range. If you have an extra machine set it up as a honey pot directing traffic on an exploitable port to it from yoru firewall then leave an obvious exploit. As soon as you can log the person trying to enter. e-mail the address and yoru proof to the ISP and yoru local cyber crime unit.
May I suggest adding a drop rule for everything coming from that address range
The following might work.
iptables -N drop-and-log-it iptables -A drop-and-log-it -j LOG --log-level info iptables -A drop-and-log-it -j REJECT iptables -A INPUT -i eth0 -s 195.86.128.45 -j drop-and-log-it
iptables -A drop-and-log-it -j drop<< change this line to drop .. That way the port scanner will not be able to tell if the machine is still there or not.
Adam Leach wrote:
Is there anything I can easily do to stop it.
First, don't panic. Are you really sure that *every* port is being scanned? It may be nothing. Are you playing multiplayer games on your network? Are you using any sort of P2P app? Are you browsing the web? All of these can generate spurious packets that may or may not be legitimate, but may still be non-malicious. If it really is a dedicated attack -- and it may be -- then what everyone else is saying is true. Close up as many ports as you can. Drop the packets. Create burst-limit firewall rules. Don't respond to pings. Harden the services you do want to keep open. Welcome to being on the internet. ;-) Most people *are* being scanned or probed in some fashion or the other -- all the time -- and just don't know it. Once you start realizing how common this crap is, it'll scare you at first. Then you make sure you're secure, and you get over it. You just have to strike a balance with security, privacy, time, effort, and money. -- Regards, dk
So what are some of common tools used to track hack attempts that work well for Suse Linux? -Jim-
Adam Leach wrote:
Is there anything I can easily do to stop it.
First, don't panic. Are you really sure that *every* port is being scanned? It may be nothing. Are you playing multiplayer games on your network? Are you using any sort of P2P app? Are you browsing the web? All of these can generate spurious packets that may or may not be legitimate, but may still be non-malicious.
If it really is a dedicated attack -- and it may be -- then what everyone else is saying is true. Close up as many ports as you can. Drop the packets. Create burst-limit firewall rules. Don't respond to pings. Harden the services you do want to keep open.
Welcome to being on the internet. ;-) Most people *are* being scanned or probed in some fashion or the other -- all the time -- and just don't know it. Once you start realizing how common this crap is, it'll scare you at first. Then you make sure you're secure, and you get over it. You just have to strike a balance with security, privacy, time, effort, and money.
-- Regards, dk
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
On Fri, 2003-04-18 at 20:47, Rowan Reid wrote:
iptables -A drop-and-log-it -j drop<< change this line to drop .. That way the port scanner will not be able to tell if the machine is still there or not.
Thanks for the advice, but I've got a question. If you drop packets and software is trying to access your machine, could it cause the machine to attempt a request until it gets a response of some type. Regards Adam
Hi, Thanks for everyones advice. The attack is still continuing at a rate of around 10 attempts a second. Between around 4pm & 8pm I received just under 65000 attempts just from that one ip address. SuSE firewall is working well and no degrade in system performance, but some web sites are timing out and it gets a bit annoying. There is definately no P2P software running at the moment. I had used some before this attack started. I know that I get scanned all the time, however my /var/log/warn file for just yesterday was massive (at least 10MB), today it is well over 30MB. I wonder how I pissed this person off. Probably because I reported them for sending SPAM or something along those lines. The system seems really unsecure. I just did a simple port scan and found the following services running. I wouldn't normally do that, however the attack has now been going on for nearly 24 hours. Starting nmap V. 3.00 ( www.insecure.org/nmap/ ) Interesting ports on kes.wirehub.nl (195.86.128.45): (The 1583 ports scanned but not shown below are in state: closed) Port State Service 21/tcp open ftp 22/tcp open ssh 23/tcp open telnet 25/tcp open smtp 53/tcp open domain 80/tcp open http 111/tcp open sunrpc 443/tcp open https 513/tcp open login 514/tcp open shell 587/tcp open submission 1020/tcp open unknown 1021/tcp open unknown 1022/tcp open unknown 1023/tcp open unknown 2049/tcp open nfs 12346/tcp filtered NetBus 31337/tcp filtered Elite Nmap run completed -- 1 IP address (1 host up) scanned in 11 seconds I'm unsure what some of these services are. Regards Adam On Sat, 2003-04-19 at 03:42, David Krider wrote:
Adam Leach wrote:
Is there anything I can easily do to stop it.
First, don't panic. Are you really sure that *every* port is being scanned? It may be nothing. Are you playing multiplayer games on your network? Are you using any sort of P2P app? Are you browsing the web? All of these can generate spurious packets that may or may not be legitimate, but may still be non-malicious.
If it really is a dedicated attack -- and it may be -- then what everyone else is saying is true. Close up as many ports as you can. Drop the packets. Create burst-limit firewall rules. Don't respond to pings. Harden the services you do want to keep open.
Welcome to being on the internet. ;-) Most people *are* being scanned or probed in some fashion or the other -- all the time -- and just don't know it. Once you start realizing how common this crap is, it'll scare you at first. Then you make sure you're secure, and you get over it. You just have to strike a balance with security, privacy, time, effort, and money.
-- Regards, dk
On Sat, 2003-04-19 at 15:43, Adam Leach wrote:
Hi,
Thanks for everyones advice. The attack is still continuing at a rate of around 10 attempts a second. Between around 4pm & 8pm I received just under 65000 attempts just from that one ip address.
Report it to your ISP. They can block him at their external routers, and they can probably help you take action with the attacker's ISP
Hi there, On Sat, 2003-04-19 at 14:43, Adam Leach wrote:
Hi,
Thanks for everyones advice. The attack is still continuing at a rate of around 10 attempts a second. Between around 4pm & 8pm I received just under 65000 attempts just from that one ip address.
That is rather a hefty rate of connection attempts.
SuSE firewall is working well and no degrade in system performance, but some web sites are timing out and it gets a bit annoying.
They should not do that. The firewall should not block you from getting out ideally.
There is definately no P2P software running at the moment. I had used some before this attack started.
That will up the rate of connection attempts to your machine, but not to the levels you are describing.
I know that I get scanned all the time, however my /var/log/warn file for just yesterday was massive (at least 10MB), today it is well over 30MB.
I wonder how I pissed this person off. Probably because I reported them for sending SPAM or something along those lines.
The system seems really unsecure. I just did a simple port scan and found the following services running. I wouldn't normally do that, however the attack has now been going on for nearly 24 hours.
You did not describe from where you did the portscan. What is open on your machine if you scan from that machine might not be open to other hosts. Best is to scan from another host on the same segment of the network.
Starting nmap V. 3.00 ( www.insecure.org/nmap/ ) Interesting ports on kes.wirehub.nl (195.86.128.45): (The 1583 ports scanned but not shown below are in state: closed) Port State Service 21/tcp open ftp
Do you need to run an ftp server? They are known for being security problems.
22/tcp open ssh 23/tcp open telnet
Switch telnet off as well. Try and only use SSH if you can as that is a lot more secure and ssh does not transmit your password in clear text as telnet does.
25/tcp open smtp 53/tcp open domain 80/tcp open http 111/tcp open sunrpc
You running some r-services or NFS or something? You probably want to block external access to this service.
443/tcp open https 513/tcp open login 514/tcp open shell
You want to block access to login and shell here (rlogin/rsh) as they are not as secure as ssh.
587/tcp open submission
Your sendmail is configured to use port 587 for mail submission.
1020/tcp open unknown 1021/tcp open unknown 1022/tcp open unknown 1023/tcp open unknown
No idea what these are for, I'd be suspicious of anything that I am not 100% certain of what it is.
2049/tcp open nfs 12346/tcp filtered NetBus 31337/tcp filtered Elite
No idea what the NetBus stuff is, so I'd be naturally suspicious, and the Elite port tells me you have been had, as in hacked. Port 31337 is a known backdoor port.
Nmap run completed -- 1 IP address (1 host up) scanned in 11 seconds
I'm unsure what some of these services are.
If you are unsure of services, query with others what they are for, and if you think you will not use them, switch them off. Of course, if that breaks something you do on a regular basis, switch it back on, but perhaps limit external access to your machine. From what things look like, your box has been hacked. I am a pessimist, so I might be wrong, but if I were you, I'd isolate that box from the net, completely, then try and find a root-kit detector somewhere and try and find out how they got onto your box. Needless to say, if you were hacked, wipe the system and re-install from scratch to make sure there is no chance of anything they left behind to come back and haunt you.
Regards
Adam
HTH and Rgds,
--
Anders Karlsson
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday 19 April 2003 7:49 am, Anders Karlsson wrote: you need to pay a little more attention...
On Sat, 2003-04-19 at 14:43, Adam Leach wrote: [...]
The system seems really unsecure. I just did a simple port scan and found the following services running. I wouldn't normally do that, however the attack has now been going on for nearly 24 hours.
He it talking about scanning the system INITIATING the attack, not his own system -- while in some cases this could be considered malicious, in this case it is easy enough to defend his actions for the reason he said: he has been under attack for 24 hours -- a single return scan to ascertain the status or capability of the attacker is a reasonable thing to do.
Starting nmap V. 3.00 ( www.insecure.org/nmap/ ) Interesting ports on kes.wirehub.nl (195.86.128.45):
note the IP address... [...]
1020/tcp open unknown 1021/tcp open unknown 1022/tcp open unknown 1023/tcp open unknown
No idea what these are for, I'd be suspicious of anything that I am not 100% certain of what it is.
12346/tcp filtered NetBus 31337/tcp filtered Elite
No idea what the NetBus stuff is, so I'd be naturally suspicious, and the Elite port tells me you have been had, as in hacked. Port 31337 is a known backdoor port.
I agree with the final analisys here -- the last for "privileged" ports [1020-1023], "elite", and netbus are reasonably good indications of hacked systems -- the actual owner of 192.86.128.45 may be completely unaware of the actions being taken by his system [though I'll bet internet access for THAT person seems "sluggish" ;) ] The "spam" you reported earlier may be due to a similar cause -- this system is a zombie, probably is an open relay [well, you did find sendmail to be open...] and probably at the top of many cracker lists of systems to own... hopefully the ISP of the other system will recognize this fact and take appropriate action [such as suggesting appropriate firewall software to their customer -- outright dropping service won't do anyone any good because the person who owns that system won't know it needs fixing...] - -- Yet another Blog: http://osnut.homelinux.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: http://osnut.homelinux.net/TomEmerson.asc iD8DBQE+oWbdV/YHUqq2SwsRAhMAAJ0WpBDeDAo6fIBYCQfvpIACl2WLfACgmfnX EAFYKvuwUv00FKfyOhZP3IA= =UE+x -----END PGP SIGNATURE-----
Just one more comment on port scanning.
As I mentioned earlier, it could actually be your ISP or a hacker. It is
not uncommon on cable modem networks to have your ports scanned. This is
why I recommend a dedicated firewall, whether a cable modem router, a
commercial firewall, or a home grown Linux firewall. One of the
advantages of a dedicated firewall is that your home system is somewhat
protected by anonymity.
--
Jerry Feldman
On Saturday 19 April 2003 16:15, Jerry Feldman wrote:
Just one more comment on port scanning. As I mentioned earlier, it could actually be your ISP or a hacker. It is not uncommon on cable modem networks to have your ports scanned. This is why I recommend a dedicated firewall, whether a cable modem router, a commercial firewall, or a home grown Linux firewall. One of the advantages of a dedicated firewall is that your home system is somewhat protected by anonymity.
I'm using linksys EtherFast® Cable/DSL Router with 4-Port Switch --BEFSR41-- It is very good, port stealth, mac address cloning, etc. Best Regards
On Saturday 19 April 2003 2:43 pm, Adam Leach wrote:
Thanks for everyones advice. The attack is still continuing at a rate of around 10 attempts a second. Between around 4pm & 8pm I received just under 65000 attempts just from that one ip address.
SuSE firewall is working well and no degrade in system performance, but some web sites are timing out and it gets a bit annoying
These last couple of days I've been getting a ridiculous number of scans logged by snort running on my Smoothwall firewall. Lots of attempted information leaks via proxy to port 8080 on a block of IP addresses. Going up the ports in numerical order...
SmoothWall IDS snort log Date: 19 April
Date: 04/19 07:50:10 Name: SCAN Proxy (8080) attempt Priority: 2 Type: Attempted Information Leak IP Info: 213.48.100.99:1769 -> 194.117.133.38:8080 Refs:
Date: 04/19 07:50:13 Name: SCAN Proxy (8080) attempt Priority: 2 Type: Attempted Information Leak IP Info: 213.48.100.99:1769 -> 194.117.133.38:8080 Refs:
Date: 04/19 07:50:15 Name: SCAN Proxy (8080) attempt Priority: 2 Type: Attempted Information Leak IP Info: 213.48.100.99:1770 -> 194.117.133.36:8080 Refs:
Date: 04/19 07:50:17 Name: SCAN Proxy (8080) attempt Priority: 2 Type: Attempted Information Leak IP Info: 213.48.100.99:1771 -> 194.117.133.198:8080 Refs:
Date: 04/19 07:50:23 Name: SCAN Proxy (8080) attempt Priority: 2 Type: Attempted Information Leak IP Info: 213.48.100.99:1772 -> 194.117.133.196:8080 Refs:
Date: 04/19 17:54:01 Name: SCAN Proxy (8080) attempt Priority: 2 Type: Attempted Information Leak IP Info: 213.48.100.143:1036 -> 194.117.133.118:8080 Refs:
Date: 04/19 17:54:06 Name: SCAN Proxy (8080) attempt Priority: 2 Type: Attempted Information Leak IP Info: 213.48.100.143:1037 -> 194.117.133.54:8080 Refs:
Date: 04/19 17:54:06 Name: SCAN Proxy (8080) attempt Priority: 2 Type: Attempted Information Leak IP Info: 213.48.100.143:1038 -> 194.117.133.4:8080 Refs:
Date: 04/19 17:54:40 Name: SCAN Proxy (8080) attempt Priority: 2 Type: Attempted Information Leak IP Info: 213.48.100.143:1039 -> 194.117.133.40:8080 Refs:
I'm not quite sure what is happening here, whether someone is trying to bounce requests off my machine to get information from another block of IP addresses looking for something that could be vulnerable. Thinks to self... how's about posting this in one of the Smoothwall forums... I'll get back later with comments... Have fun :)
Is snort pretty easy to install and setup? Do I need to be running a firewall?
On Saturday 19 April 2003 2:43 pm, Adam Leach wrote:
Thanks for everyones advice. The attack is still continuing at a rate of around 10 attempts a second. Between around 4pm & 8pm I received just under 65000 attempts just from that one ip address.
SuSE firewall is working well and no degrade in system performance, but some web sites are timing out and it gets a bit annoying
These last couple of days I've been getting a ridiculous number of scans logged by snort running on my Smoothwall firewall. Lots of attempted information leaks via proxy to port 8080 on a block of IP addresses. Going up the ports in numerical order...
SmoothWall IDS snort log Date: 19 April
Date: 04/19 07:50:10 Name: SCAN Proxy (8080) attempt Priority: 2 Type: Attempted Information Leak IP Info: 213.48.100.99:1769 -> 194.117.133.38:8080 Refs:
Date: 04/19 07:50:13 Name: SCAN Proxy (8080) attempt Priority: 2 Type: Attempted Information Leak IP Info: 213.48.100.99:1769 -> 194.117.133.38:8080 Refs:
Date: 04/19 07:50:15 Name: SCAN Proxy (8080) attempt Priority: 2 Type: Attempted Information Leak IP Info: 213.48.100.99:1770 -> 194.117.133.36:8080 Refs:
Date: 04/19 07:50:17 Name: SCAN Proxy (8080) attempt Priority: 2 Type: Attempted Information Leak IP Info: 213.48.100.99:1771 -> 194.117.133.198:8080 Refs:
Date: 04/19 07:50:23 Name: SCAN Proxy (8080) attempt Priority: 2 Type: Attempted Information Leak IP Info: 213.48.100.99:1772 -> 194.117.133.196:8080 Refs:
Date: 04/19 17:54:01 Name: SCAN Proxy (8080) attempt Priority: 2 Type: Attempted Information Leak IP Info: 213.48.100.143:1036 -> 194.117.133.118:8080 Refs:
Date: 04/19 17:54:06 Name: SCAN Proxy (8080) attempt Priority: 2 Type: Attempted Information Leak IP Info: 213.48.100.143:1037 -> 194.117.133.54:8080 Refs:
Date: 04/19 17:54:06 Name: SCAN Proxy (8080) attempt Priority: 2 Type: Attempted Information Leak IP Info: 213.48.100.143:1038 -> 194.117.133.4:8080 Refs:
Date: 04/19 17:54:40 Name: SCAN Proxy (8080) attempt Priority: 2 Type: Attempted Information Leak IP Info: 213.48.100.143:1039 -> 194.117.133.40:8080 Refs:
I'm not quite sure what is happening here, whether someone is trying to bounce requests off my machine to get information from another block of IP addresses looking for something that could be vulnerable. Thinks to self... how's about posting this in one of the Smoothwall forums...
I'll get back later with comments...
Have fun :)
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
On Saturday 19 April 2003 9:31 pm, Jim Norton wrote:
Is snort pretty easy to install and setup? Do I need to be running a firewall?
snort was very easy for me because it is included with the Smoothwall system and only requires a little checkbox to be set to turn it on. Smoothwall is a distribution which turns an old PC into a standalone firewall cum internet connection sharing machine. I've got mine running on an old Pentium 100 with 32MB ram sitting in the cupboard with no monitor, mouse or keyboard connected (set to ignore all bios errors during POST), I control the machine via a web interface control panel. It has two interfaces, the modem to the outside world (set to dial on demand) and the network card that's connected to my five port switch, all the rest of my machines are connected to that switch. Smoothwall also supports cable modems and ISDN connections. For more information on Smoothwall, go to the GPL site (there is a commercial version available which has extra functionality) (Please note, SuSE themselves also produce a commercial firewall solution as well that runs entirely from CDrom) http://www.smoothwall.org/
participants (12)
-
Adam Leach
-
Anders Johansson
-
Anders Karlsson
-
Christian Andersson
-
David Krider
-
Jerry Feldman
-
jrn@oregonhanggliding.com
-
Marco Oliveira
-
Matt
-
paul cooke
-
Rowan Reid
-
Tom Emerson