From: Kurt Seifried (bugtraqseifried.org)
Date: Sun Sep 30 2001 - 16:45:36 CDT


    > Well, among other things, the firewall wouldn't have an IP address on
    > the internet - and thus would be much harder to attack because a hacker
    > can't make a direct connection to it. For another, you can filter based
    > on the content of the packets, or the pattern of packets - for example,
    > theoretically, packets that are part of an http connection request that
    > contain the string "default.ida" and whose GET string is longer than a
    > certain length could be denied.

    That's easy. Use bridging code to make a firewall (OpenBSD and Linux 2.2
    support this, not sure about 2.4). Or simply use a non-routable IP, i.e.:

    Internet
    |
    1.2.3.4
    router
    10.0.0.1
    |
    10.0.0.2
    firewall
    10.0.1.1
    |
    10.0.1.2
    router
    |
    internal LAN

    As long as you do not route 10.* (a few ISPs do, sigh) it cannot be reached
    from the Internet. Alternatively you can just firewall everything coming to
    the firewall, and have a third network card or modem to do management.

    > According to the HogWash web page, "Instead of closing ports like a
    > traditional firewall, it drops or modifies specific packets based on a
    > signature match."

    It's like ngrep: you can mess with network traffic. Not sure why you're
    using it on/as a firewall, though.

    > Thanks, everyone!
    > ~Kyle Wheeler

    Kurt Seifried, kurtseifried.org
    A15B BEE5 B391 B9AD B0EF
    AEB0 AD63 0B4E AD56 E574
    http://www.seifried.org/security/
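
The content rule described in the quoted text (drop HTTP requests for "default.ida" whose GET line exceeds a certain length, the way a signature-matching filter such as HogWash would) is easy to express in code. The block below is an added example written for this archive page, not code from Kurt Seifried or from the HogWash project. The 256-byte threshold, the function names and the sample payloads are assumptions: the payloads are constructed to look like a normal request and a Code Red-style probe, not captured traffic.

```python
"""
Signature-style content filter for the rule in the thread above:
drop a GET whose request-target contains "default.ida" and whose
request line is longer than a threshold; pass everything else.
Added example; threshold, names and sample payloads are assumptions.
"""
import re

# Assumed threshold. A genuine request for /default.ida is a few dozen
# bytes; the worm probes carried a request-target of several hundred bytes.
MAX_GET_LINE_LEN = 256

# Matches one HTTP/1.x request line at the start of a packet payload.
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/(\d)\.(\d)\r?\n")


def parse_request_line(payload: bytes):
    """Return (method, target, request_line_length) for an HTTP request
    payload, or None if the payload does not start with a request line."""
    m = REQUEST_LINE.match(payload)
    if m is None:
        return None
    method = m.group(1).decode("ascii")
    target = m.group(2).decode("ascii", "replace")
    return method, target, m.end()  # m.end() = bytes up to and incl. CRLF


def should_drop(payload: bytes, max_len: int = MAX_GET_LINE_LEN) -> bool:
    """Apply the content rule: method is GET, the target mentions
    default.ida, and the request line is longer than max_len bytes."""
    parsed = parse_request_line(payload)
    if parsed is None:
        return False  # not HTTP, or not the first segment: other rules decide
    method, target, line_len = parsed
    if method != "GET" or "default.ida" not in target.lower():
        return False
    return line_len > max_len


# Constructed sample payloads (assumptions, not captured traffic).
SAMPLES = {
    "normal":    b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
    "short_ida": b"GET /default.ida HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
    "worm_like": (b"GET /default.ida?" + b"N" * 224 + b"%u9090%u6858%ucbd3"
                  b" HTTP/1.0\r\nContent-length: 3379\r\n\r\n"),
    "post_ida":  b"POST /default.ida?" + b"N" * 300 + b" HTTP/1.0\r\n\r\n",
    "not_http":  b"\x16\x03\x01\x00\x5a\x01\x00\x00",  # looks like a TLS hello
}


def filter_packets(packets: dict) -> dict:
    """Return {name: 'DROP' or 'PASS'} for each payload, as a bridge
    filter sitting between the two routers in the diagram would decide."""
    return {name: ("DROP" if should_drop(p) else "PASS")
            for name, p in packets.items()}


if __name__ == "__main__":
    for name, verdict in filter_packets(SAMPLES).items():
        print(f"{name:10s} {verdict}")
```

Two caveats a practitioner would want alongside a rule like this: the check looks at one segment, so a request line split across TCP segments (or sent one byte at a time) slips past it unless the filter reassembles the stream first; and the rule is deliberately narrow, so the short, legitimate-looking "short_ida" request and a POST with the same target are passed, which is what the quoted rule asks for, not a general block on the .ida handler.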