Early this year, I discovered my server was acting... kinda wonky (details here). In short, I feared that my server had been hijacked for some other, nefarious purposes. After that, I decided to start a forensics analysis, detailed here. 8 months later, after much additional research, I am looking back at my notes and writing up my "final word" on the matter.

In an earlier article, I "reviewed" 4 different Open Source UTM (Unified Threat Management) products, and 1 closed source (but still free) product. While not necessarily Open-Source, it still fits well within my "Zero-Cost" Proof-of-Concept. Here I will cover my experiences with actually installing it on an old desktop PC and configuring it as a firewall.

I am working to have a network setup using as much open-sourced software as possible. This website is a perfect example: a Linux web server and Joomla, an open-source website framework. The next thing on my list of open-source software is a good UTM Firewall device. For the uninitiated, UTM stands for Unified Threat Management. As opposed to just a basic firewall that blocks and allows traffic, I want something that offers a complete package, with Site-to-Site (IPSec) VPN, Client-to-Site (Remote Access) VPN, and easy-to-use management. There are a number of options that would possibly fit this bill. Here is a rundown of the Firewalls I have found and how they do/don't work.

I had come across an old Nokia IP260 here at work. The device is long since end-of-life, no longer supported, won't be RMA'd... It can only run versions of IPSO and Checkpoint so ancient that it borders upon useless (and in fact maybe even dangerous). But the hardware works perfectly fine. It boots, loads, and all Checkpoint services operate, if you can get your hands on a license (which you can't, really, because it is so old, end-of-life, and unsupported). So what to do with the hardware? Sure, I can cannibalize it for a 20GB laptop HDD and 1GB flash card, but the device works better as a whole... It would be nice to make it function in some manner.

The IP Appliance Operating System, IPSO, is based on FreeBSD. pfSense is based on FreeBSD. Looks like a match made in heaven. I've read some articles and forum posts about getting different OSes running on the IP330, IP560, IP380, etc... But nothing on an IP260. Here is my work at attempting this, and the discoveries made along the way.

At work we have a lab network. And while one would think that the lab network would be more permissive than the corporate network, in all reality, it's less permissive. MAYBE it's the same, but I doubt it. I wanted to find out what ports were open to the outside world so I could find out how I can access any kind of server(s) at home. From the lab network, it is very easy to perform the scan with nmap. But what about the responses? I had (and still have) a web server running at the time, and while I was certain it would respond on ports 22, 80, and 443, that still leaves 65,532 other possible ports. How do I get my server to just blindly respond on all those other ports, without having any real applications installed/running?

After much trouble, I eventually found a scapy script to do exactly what I wanted, just blindly respond to any packets on any/all ports! Read on for more details...
