[rescue] Fair Warning RPC Worm
Patrick Giagnocavo +1.717.201.3366
patrick at zill.net
Tue Aug 12 21:48:51 CDT 2003
On Tue, Aug 12, 2003 at 02:06:11PM -0400, Curtis H. Wilbar Jr. wrote:
> Depending on your network architecture... if there is a place on the
> ethernet where you can insert a firewall.. you can use OpenBSD as
> a firewall/filtering bridge. Completely transparent to traceroute, etc.
> Doesn't interrupt your network either... no reconfiguring, no routes to
> add, etc.
This works very well, and there are even tools that will let you
monitor bandwidth per-IP.
To get fancier, you can transparently do traffic shaping as well.
> It is quite a sweet setup, very stable, and works terrific. I even used
> a 200MB IDE flash drive to avoide moving parts.... in theory the flash
> drive will eventually fail (it does have a /var that is written to for
> logs.... the theory was eventually to NFS mount that... but then if the
> NFS server went away I don't know what the firewall would do... so I
> never did go that route).
You could mount /var on an actual hard drive and if it croaks the
server will still work.
Cordially
--
+--------------------------------------------------+
| Patrick Giagnocavo, patrick at zill.net |
| Zill.Net - OpenACS, Postgres, Lisp hosting |
| OpenACS v4 shared server $19.95/month |
| Colocation w/50GB transfer $99.00/month |
| Managed servers (incl. system) $175/month |
+--------------------------------------------------+
More information about the rescue
mailing list