want a simple firewall

Discussion in 'Computer Security' started by Rick Merrill, May 13, 2006.

  1. Rick Merrill

    Rick Merrill Guest

    I want a simple (a.k.a. cheap) firewall to protect a LAN that has an FTP
    server (and maybe an http server). It should require a password to login
    (I'm not keen on managing a VPN) and nothing else.

    The FTP server protects itself very well, but it gets attacked so often
    it logs all the attacks! (its IP is not in DNS so they must have
    sniffed it?)

    Simpler the better, Thanks.
     
    Rick Merrill, May 13, 2006
    #1

  2. Rick Merrill

    jcw248 Guest

    What OS platform are you running the Server on?
     
    jcw248, May 14, 2006
    #2

  3. Rick Merrill

    Rick Merrill Guest

    wrote:

    > The cheapest is a Linksys Router, which has a very simple interface.
    > There are also other low end router/firewalls that are all under $100
    > dollars. There are also software firewalls and Linux comes with
    > iptables built in.


    Got that but it doesn't stop the script kiddies from trying to find the
    password for the "administrator" on the FTP server (they won't take the
    hint that there IS NO "admin"!)
     
    Rick Merrill, May 14, 2006
    #3
  4. Rick Merrill

    Rick Merrill Guest

    jcw248 wrote:

    > What OS platform are you running the Server on?
    >


    It's a Linux server.
     
    Rick Merrill, May 14, 2006
    #4
  5. From: "Rick Merrill" <>


    |
    | Got that but it doesn't stop the script kiddies from trying to find the
    | password for the "administrator" on the FTP server (they won't take the
    | hint that there IS NO "admin"!)

    Sounds like you need a FireWall appliance that examines all FTP packets and will block or
    reject activity based upon a set of rules.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, May 14, 2006
    #5
  6. Rick Merrill

    Guest

    The cheapest is a Linksys Router, which has a very simple interface.
    There are also other low end router/firewalls that are all under $100
    dollars. There are also software firewalls and Linux comes with
    iptables built in.

    On Sat, 13 May 2006 18:42:05 -0400, Rick Merrill
    <> wrote:

    >I want a simple (a.k.a. cheap) firewall to protect a LAN that has an FTP
    >server (and maybe an http server). It should require a password to login
    >(I'm not keen on managing a VPN) and nothing else.
    >
    >The FTP server protects itself very well, but it gets attacked so often
    >it logs all the attacks! (its IP is not in DNS so they must have
    >sniffed it?)
    >
    >Simpler the better, Thanks.
     
    , May 15, 2006
    #6
  7. Rick Merrill

    Rick Merrill Guest

    David H. Lipman wrote:
    > From: "Rick Merrill" <>
    >
    >
    > |
    > | Got that but it doesn't stop the script kiddies from trying to find the
    > | password for the "administrator" on the FTP server (they won't take the
    > | hint that there IS NO "admin"!)
    >
    > Sounds like you need a FireWall appliance that examines all FTP packets and will block or
    > reject activity based upon a set of rules.
    >


    Isn't "giving the password" a simple enough rule?-)
     
    Rick Merrill, May 15, 2006
    #7
  8. Rick Merrill

    jcw248 Guest

    Are you using SFTP?
     
    jcw248, May 15, 2006
    #8
  9. Rick Merrill

    jcw248 Guest

    You could try Firestarter; I have read about it. It is an open source
    firewall.
     
    jcw248, May 15, 2006
    #9
  10. Rick Merrill

    Rick Merrill Guest

    jcw248 wrote:
    > You could try Firestarter; I have read about it. It is an open source
    > firewall.
    >


    Thanks for the suggestion. I'll check it out.
     
    Rick Merrill, May 15, 2006
    #10
  11. Rick Merrill

    Rick Merrill Guest

    Re: want a simple firewall = hardware

    Can anyone recommend a hardware solution?
     
    Rick Merrill, May 15, 2006
    #11
  12. Rick Merrill

    Gerard Bok Guest

    Re: want a simple firewall = hardware

    On Mon, 15 May 2006 08:57:59 -0400, Rick Merrill
    <> wrote:

    >Can anyone recommend a hardware solution?


    Sure. Almost any old PC with 2 network cards.

    Smoothwall Express 2.0 (www.smoothwall.org) or IPCop
    (www.IPcop.org) and you're in business :)

    Note: any old PC means: Pentium I with 64 MB or better :)

    --
    Kind regards,
    Gerard Bok
     
    Gerard Bok, May 15, 2006
    #12
  13. Rick Merrill

    Guest

    I would consider a simple Linksys router/firewall. They are cheap and
    easy to configure.

    Another great solution, but one that considers a box is just using
    linux.

    Cisco now offers low end Pix, and Sonicwall has a SOHO firewall that
    is fairly inexpensive.

    On Sat, 13 May 2006 18:42:05 -0400, Rick Merrill
    <> wrote:

    >I want a simple (a.k.a. cheap) firewall to protect a LAN that has an FTP
    >server (and maybe an http server). It should require a password to login
    >(I'm not keen on managing a VPN) and nothing else.
    >
    >The FTP server protects itself very well, but it gets attacked so often
    >it logs all the attacks! (its IP is not in DNS so they must have
    >sniffed it?)
    >
    >Simpler the better, Thanks.
     
    , May 15, 2006
    #13
  14. Rick Merrill

    Todd H. Guest

    Re: want a simple firewall = hardware

    Rick Merrill <> writes:
    > Can anyone recommend a hardware solution?


    If you have an old PC with 2 NICs and don't mind the noise, heat and
    power dissipation that's one approach.

    Here's another:
    http://www.soekris.com/

    And consider an OpenBSD based bootable router distro on it.
    http://www.nmedia.net/~chris/soekris/


    Or a Linksys WRT54G is an embedded platform for which there is open
    source firmware that can overlay and do all sorts of neat stuff:
    http://en.wikipedia.org/wiki/WRT54G#Third-party_firmware_projects

    But be careful about hardware revs--what's sold now may not work with
    3rd party firmwares out there, etc.

    Best Regards,
    --
    Todd H.
    http://www.toddh.net/
     
    Todd H., May 16, 2006
    #14
  15. From: "Rick Merrill" <>

    | David H. Lipman wrote:
    >> From: "Rick Merrill" <>
    >>

    |>> Got that but it doesn't stop the script kiddies from trying to find the
    |>> password for the "administrator" on the FTP server (they won't take the
    |>> hint that there IS NO "admin"!)
    >>
    >> Sounds like you need a FireWall appliance that examines all FTP packets and will block or
    >> reject activity based upon a set of rules.
    >>

    | Isn't "giving the password" a simple enough rule?-)

    That's what the FTP Daemon does -- authenticate.

    You want something to block the non-wanted people trying to exploit vulnerabilities and
    search for flaws.

    Otherwise just get a *better* FTP Daemon.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, May 16, 2006
    #15
  16. Rick Merrill

    Wayne Guest

    Re: want a simple firewall = hardware

    "Rick Merrill" <> wrote in message
    news:...
    > Can anyone recommend a hardware solution?
    >
    >


    Cisco PIX 501 or 506e.
     
    Wayne, May 17, 2006
    #16
  17. Rick Merrill

    Rick Merrill Guest

    Re: want a simple firewall = hardware

    Wayne wrote:

    > "Rick Merrill" <> wrote in message
    > news:...
    >
    >>Can anyone recommend a hardware solution?
    >>
    >>

    >
    >
    > Cisco PIX 501 or 506e.
    >
    >


    Thanks, but it's a tad pricey, which was also part of "simple" ;-)
     
    Rick Merrill, May 17, 2006
    #17
  18. If you are comfortable with a command line interface and Linux, then I
    highly recommend the Linksys WRT54G/GS. The older versions of the WRT54G/GS
    ran an open source OS which people hacked. There are a lot of 3rd party firmware
    versions but I prefer the OpenWrt firmware. Most of the firmware versions are
    based off of the original Linksys release source code. OpenWrt is not edited
    Linksys code but rather written from scratch.
    Here are some links

    Openwrt homepage
    http://openwrt.org/

    Linksys router info
    http://www.linksysinfo.org/

    On the front page there is a link to WRT54G hardware revisions and an
    aftermarket comparison guide for the firmware.

    I've got a static IP and I'm running OpenWrt from a WRT54GS v2.1. There are
    two machines on the LAN: WinXP and Mandrake. I need to forward port 3389
    (remote desktop) to the Windows machine and 22, 80 and 443 to the Mandrake
    machine. The stock firmware can do all this, but the Mandrake machine needs
    to mount an NFS server. I could forward all NFS-related traffic to the
    Mandrake machine, but for safety I only want to forward NFS traffic that
    came from IP x.x.x.x. The stock firmware can easily forward ports but it is
    difficult to get it to restrict which machine it came from.



    Rick Merrill <> wrote:
    > I want a simple (a.k.a. cheap) firewall to protect a LAN that has an FTP
    > server (and maybe an http server). It should require a password to login
    > (I'm not keen on managing a VPN) and nothing else.


    > The FTP server protects itself very well, but it gets attacked so often
    > it logs all the attacks! (its IP is not in DNS so they must have
    > sniffed it?)


    > Simpler the better, Thanks.
     
    Dean Sniegowski, May 22, 2006
    #18
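
The forwarding policy from Dean Sniegowski's post above, written out as iptables commands. This is an added example, not code from the thread or from OpenWrt; the interface name, the LAN addresses, the trusted address 203.0.113.7 and the use of TCP port 2049 alone for NFS are assumptions.

```shell
#!/bin/sh
# Constructed placeholders: interface name and LAN addresses are assumptions.
WAN_IF="eth0"
WIN_HOST="192.168.1.10"   # Windows machine (remote desktop)
LNX_HOST="192.168.1.20"   # Linux machine (ssh, http, https, NFS)

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# forward PORT DEST [SRC]: print the DNAT rule and the matching FORWARD accept
# for one TCP port. With SRC, only packets from that single address match.
forward() {
    port=$1 dest=$2 src=${3:-}
    is_ipv4 "$dest" || { echo "bad destination: $dest" >&2; return 1; }
    match="-i $WAN_IF -p tcp"
    if [ -n "$src" ]; then
        is_ipv4 "$src" || { echo "bad source: $src" >&2; return 1; }
        [ "$src" != "0.0.0.0" ] || { echo "source must be one host" >&2; return 1; }
        match="$match -s $src"
    fi
    echo "iptables -t nat -A PREROUTING $match --dport $port -j DNAT --to-destination $dest:$port"
    echo "iptables -A FORWARD $match -d $dest --dport $port -j ACCEPT"
}

# ruleset TRUSTED_SRC: the whole policy. The NFS forward fails closed: without
# a valid trusted source it prints an error instead of an open rule.
ruleset() {
    forward 3389 "$WIN_HOST" || return 1
    for p in 22 80 443; do forward "$p" "$LNX_HOST" || return 1; done
    [ -n "${1:-}" ] || { echo "NFS forward needs a source address" >&2; return 1; }
    forward 2049 "$LNX_HOST" "$1"   # assumes NFS over TCP on port 2049 only
}

ruleset 203.0.113.7   # constructed documentation address as the trusted peer
```

The script only prints the commands, so the output can be reviewed before any of it is run on the router.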
  19. Rick Merrill

    Rick Merrill Guest

    Dean Sniegowski wrote:

    > If you are comfortable with a command line interface and Linux, then I
    > highly recommend the Linksys WRT54G/GS. The older versions of the WRT54G/GS
    > ran an open source OS which people hacked. There are a lot of 3rd party firmware
    > versions but I prefer the OpenWrt firmware. Most of the firmware versions are
    > based off of the original Linksys release source code. OpenWrt is not edited
    > Linksys code but rather written from scratch.
    > Here are some links
    >
    > Openwrt homepage
    > http://openwrt.org/
    >
    > Linksys router info
    > http://www.linksysinfo.org/
    >
    > On the front page there is a link to WRT54G hardware revisions and an
    > aftermarket comparison guide for the firmware.
    >
    > I've got a static IP and I'm running OpenWrt from a WRT54GS v2.1. There are
    > two machines on the LAN: WinXP and Mandrake. I need to forward port 3389
    > (remote desktop) to the Windows machine and 22, 80 and 443 to the Mandrake
    > machine. The stock firmware can do all this, but the Mandrake machine needs
    > to mount an NFS server. I could forward all NFS-related traffic to the
    > Mandrake machine, but for safety I only want to forward NFS traffic that
    > came from IP x.x.x.x. The stock firmware can easily forward ports but it is
    > difficult to get it to restrict which machine it came from.
    >


    Thanks for the tip.
     
    Rick Merrill, May 23, 2006
    #19