linux firewall with 2 wireless nics

on 14.11.2006 05:19:56 by CUIllini

hi, I just received an old p2 laptop that I would like to use as a
linux firewall. The problem with it is that the ethernet port is
broken. I do have 2 wireless nics (1 PCMCIA and 1 USB) and was wondering
if I could put both of them on the laptop and still use it as a linux
firewall.

Is this possible??
if it is what are some security distros that one would recommend?
Smoothwall??

As an alternate the laptop already has win 2000 on it and I have tested
both wireless nics on it and they work. Is there some windows security
software that I could run that would act as a firewall for my network?

Any help would be greatly appreciated.

Thanks

Re: linux firewall with 2 wireless nics

on 14.11.2006 06:37:07 by Arnold

CUIllini@gmail.com wrote:
> hi, I just received an old p2 laptop that I would like to use as a
> linux firewall. The problem with it is that the ethernet port is
> broken. I do have 2 wireless nics (1 PCMCIA and 1 USB) and was wondering
> if I could put both of them on the laptop and still use it as a linux
> firewall.
>
> Is this possible??
> if it is what are some security distros that one would recommend?
> Smoothwall??
>
> As an alternate the laptop already has win 2000 on it and I have tested
> both wireless nics on it and they work. Is there some windows security
> software that I could run that would act as a firewall for my network?
>
> Any help would be greatly appreciated.
>
> Thanks
>

Man, go out and buy a wire/wireless AP router that's a packet filtering
FW router and stop playing. No solution Linux or Windows will have the
security features that the packet filtering FW router will have on the
wireless. You should get a router that uses Wallwatcher (free) and watch
the traffic to and from the LAN wire and wireless, as it can be hacked
on the wireless and someone can join the network and be all over the top
of the machines wired and wireless, even on a wireless router, let alone
what you're trying to do.

For what it's worth, the link may help you.
http://netsecurity.about.com/cs/wireless/a/aa112203_2.htm

Duane :)

Re: linux firewall with 2 wireless nics

on 14.11.2006 21:10:35 by ibuprofin

On 13 Nov 2006, in the Usenet newsgroup comp.security.firewalls, in article
<1163477996.194250.23480@h48g2000cwc.googlegroups.com>, CUIllini@gmail.com
wrote:

>I just received an old p2 laptop that I would like to use as a
>linux firewall.

I've been using what is left of a 386SX laptop (no keyboard, no display,
no case) as a firewall for about ten years (initially dialin only, now
on cable with dialin as a backup).

>The problem with it is that the ethernet port is broken.

I'd junk it.

>I do have 2 wireless nics (1 PCMCIA and 1 USB) and was wondering if I could
>put both of them on the laptop and still use it as a linux firewall.

It should be possible, but I'd NEVER even consider it.

>Is this possible??

Possible? Yes. Practical? No.

>if it is what are some security distros that one would recommend?
>Smoothwall??

http://www.distrowatch.com There are well over three hundred Linux
distributions, and over a hundred tailored as firewalls. Personally, I'd
use a severely stripped version - remember that the firewall is built in
to the kernel - and a comparatively simple script is all that is needed
to control the firewall.

[compton ~]$ wc /etc/rc.d/init.d/firewall
68 284 1992 /etc/rc.d/init.d/firewall
[compton ~]$

Golly-Gee GUI crap has no place on a firewall.

>As an alternate the laptop already has win 2000 on it and I have tested
>both wireless nics on it and they work. Is there some windows security
>software that I could run that would act as a firewall for my network?

That's funny. Let me say it again:

Golly-Gee GUI crap has no place on a firewall. Period. NO exceptions.

Old guy

Re: linux firewall with 2 wireless nics

on 15.11.2006 05:40:53 by CUIllini

Thank you to both for your answers

I am behind a linksys router which does provide some security and I am not
concerned about other people hacking into my network as I am monitoring
an infected machine on my network. I have one machine on my network
that runs XP and remains on all of the time. My concern is that even
though I have tried my best to protect it, it has been infected with
spyware and rootkits.

Thus, I really only want to monitor that 1 machine on my network for
strange activity. I would just use a software firewall like ZoneAlarm
on it but, a rootkit can theoretically get past that.

Thus from my primitive understanding of security, the only sure way to
monitor that computer's traffic is to do it with a separate computer.

any suggestions would be welcome

cu

Re: linux firewall with 2 wireless nics

on 15.11.2006 06:58:02 by Arnold

CUIllini wrote:
> Thank you to both for your answers
>
> I am behind a linksys router which does provide some security and I am not
> concerned about other people hacking into my network as I am monitoring
> an infected machine on my network.

Why would you not be concerned about someone hacking into the wireless
side of a LAN situation and possibly being all over the machines wired,
wireless, infected or not infected? That don't make a whole lot of sense.

> I have one machine on my network
> that runs XP and remains on all of the time. My concern is that even
> though I have tried my best to protect it, it has been infected with
> spyware and rootkits.

It's called practice safehex and stop running around to dubious Web
sites and opening dubious emails. You can do things like making Firefox
your default browser so when you click on an unknown link, it starts
instead of IE. Only use IE when a site calls for IE, but I don't follow
that much myself. But I will put it out there to you. This like using
Mailwasher to not allow a dubious email to reach the machine, deleting
them at the pop3 server, if you want to use OE or Outlook.

http://www.claymania.com/safe-hex.html

>
> Thus, I really only want to monitor that 1 machine on my network for
> strange activity. I would just use a software firewall like ZoneAlarm
> on it but, a rootkit can theoretically get past that.

For what? Why would you leave a machine on the LAN that's infected? It
makes no sense. If you want to monitor a machine, then you get on top of
it with the proper tools and see what's happening.

long
http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html

short
http://tinyurl.com/klw1

But once a machine has been compromised, then you can't trust it anymore.

http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

>
> Thus from my primitive understanding of security, the only sure way to
> monitor that computer's traffic is to do it with a separate computer.
>
> any suggestions would be welcome

You should harden the NT based O/S to attack as much as possible.

http://majorgeeks.com/page.php?id=12
http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm

And from me to you, stay off the Internet with a machine using an account
with Admin rights.

Finally, use Wallwatcher to monitor traffic for the machines connected
to the Linksys router for dubious traffic with Wallwatcher (free).

http://www.sonic.net/wallwatcher/

My work is done here, good night.

Duane :)

Re: linux firewall with 2 wireless nics

on 15.11.2006 07:58:01 by unknown

Post removed (X-No-Archive: yes)

Re: linux firewall with 2 wireless nics

on 15.11.2006 20:57:50 by ibuprofin

On 14 Nov 2006, in the Usenet newsgroup comp.security.firewalls, in article
<1163565653.259633.82340@h48g2000cwc.googlegroups.com>, CUIllini wrote:

>I am behind a linksys router which does provide some security and I am not
>concerned about other people hacking into my network as I am monitoring
>an infected machine on my network.

There are two means to hack into the network. The first is by the
attacker entering via a service you are offering - such as a web, mail,
or file server. The two means of defeating this are to not offer any
unwanted service (a problem with systems that are configured by default
to offer everything because someone _might_ find it useful), and using
_any_ firewall capability to restrict access to those IP addresses that
you specifically want to allow. Your wireless link[s] [is/are] a
potential security hole, for the simple reason that few people bother
to read the manual that comes with the units and actually implement
even rudimentary security. Out-of-box configurations are not secure.
Some so-called "security" features are trivial to defeat/bypass.

The second way to hack in is to have the user invite you - have them
install mal-ware for you. This is the more common attack vector, because
most users are unwilling to take responsibility for their own actions.
Contrary to popular belief, there is no Mal-Ware Fairy that sneaks about
and installs mal-ware when the user isn't looking. The user is the one
doing the installs, either because they have enabled the "install anything
from anywhere" mode in the web browser (which is the only piece of software
they've "learned") and have clicked OK automatically, or have told the
computer to NEVER SHOW THIS WARNING MESSAGE AGAIN. Users don't want to
know anything about the computer or software it runs - because that is
obviously too much work. The number one computer bug is mankind!

>My concern is that even though I have tried my best to protect it, it
>has been infected with spyware and rootkits.

Why was the mal-ware installed by the users? Two common vectors are the
user installing some Wonderfool Helper Program, so that by clicking on
this icon they get taken directly to their favorite pr0n site or similar,
and their insistence on enabling all scripting and "Special Features" so
they can see the exact shade of crayon that some "friend" used to scrawl
a message and email them - complete with animation and sounds of their
dog chasing a motorcycle. If you need that style of "communication",
get a video phone that is not connected to your computers.

>Thus, I really only want to monitor that 1 machine on my network for
>strange activity. I would just use a software firewall like ZoneAlarm
>on it but, a rootkit can theoretically get past that.

The firewall gets bypassed because the user wants to do something st00pid
and the firewall is either in the way (and gets disabled by the "Allow
This Connection" button), or was never designed to block content.

>Thus from my primitive understanding of security, the only sure way to
>monitor that computer's traffic is to do it with a separate computer.

Monitor? Yes. But control, that is prevention, is a whole 'nother story.

Old guy
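
An added example, not part of the thread and not the poster's 68-line script: a small kernel-firewall ruleset of the kind described above, with default-deny policies, access restricted to named addresses, and logging of new connections from one watched host. The interface names, addresses and allowed ports are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script. Interface names, addresses and the
# allowed ports are assumptions; set them for your own network.
WAN_IF="${WAN_IF:-wlan0}"                 # toward the upstream router
LAN_IF="${LAN_IF:-wlan1}"                 # toward the hosts being protected
ADMIN_IP="${ADMIN_IP:-192.168.10.2}"      # constructed: only host allowed to SSH in
WATCHED_IP="${WATCHED_IP:-192.168.10.50}" # constructed: the machine to monitor

# Print the ruleset in iptables-restore format. Nothing is applied here.
# WATCHED_IP is only logged if its traffic is actually routed through this box
# (net.ipv4.ip_forward=1 and this box set as its gateway).
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $ADMIN_IP -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -s $WATCHED_IP -m conntrack --ctstate NEW -j LOG --log-prefix "watched-new: "
-A FORWARD -i $LAN_IF -o $WAN_IF -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m limit --limit 6/min -j LOG --log-prefix "fw-drop: "
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Read a ruleset on stdin; fail unless INPUT and FORWARD default to DROP and
# no rule accepts new traffic arriving on the outside interface.
audit_rules() {
    rules=$(cat)
    for chain in INPUT FORWARD; do
        printf '%s\n' "$rules" | grep -q "^:$chain DROP " || return 1
    done
    if printf '%s\n' "$rules" | grep -E -- "^-A (INPUT|FORWARD) -i $WAN_IF .*-j ACCEPT" \
        | grep -qv 'ESTABLISHED'; then
        return 1
    fi
    return 0
}

if [ "${1:-}" = "print" ]; then gen_rules; fi
```

Saved under a hypothetical name such as fw.sh, `sh fw.sh print | iptables-restore --test` (as root) parses the ruleset without committing it; dropping `--test` loads it.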

Re: linux firewall with 2 wireless nics

on 16.11.2006 03:38:48 by Arnold

Sebastian Gottschalk wrote:
> Mr. Arnold wrote:
>
>
>>You should harden the NT based O/S to attack as much as possible.
>>
>>http://majorgeeks.com/page.php?id=12
>>http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm
>
>
> Linking to offsite articles, but not even mentioning the official
> documentations "Windows XP/Server 2003 Security Guide" and the "Threats and
> Countermeasures" guide? There you'll also find reasonable benefit analysis
> including explanation of the default choice.
>
> Anyway, for an in-depth discussion of TCP/IP stack hardening, one can only
> refer to MSDN Online together with a good grip of TCP/IP knowledge.

I'll let you do it the next time. You can be of some kind of help here
you know, when you want to be.