While still in Juneau, I was using an old Zyxel Prestige 300 router as my primary firewall. It seemed to do the job at first, but I had a few suspicious events on my network that showed somebody getting through - my local DNS would crash once in a while, it looked more like a poisoned cache than anything. I was running BIND 8 on SuSE 7.2 with all the updated patches. I also found a classic breach, a file in the root home directory (can't remember the name offhand) that's used to gain root access remotely - it's an old 1997 vintage hack (!!!). So be careful and mindful with a Linux box too.

Unfortunately, I could never get the logging to work correctly from the Zyxel box. It was supposed to forward a continuous text file to the Linux box, but one of the effects of the DNS crash would be that the DNS server could no longer connect to the Gateway router, which happened to be the Zyxel box! The Zyxel will be retired when I get my new network up and running here in Kodiak.

I also had a Red Hat 6.3 box (kernel 2.2.19) out in the DMZ exposed directly to the net. It was running custom software for the ham radio Internet Radio Linking Project (www.irlp.net). Since the software was custom, I didn't have much control, but all TCP/IP and UUCP ports other than SSH and the few high numbered ones for the IRLP services were disabled. The thing ran flawlessly - it would only go down during a power outage or hardware failure. I never saw any evidence of compromise even though the IRLP system uses NISplus, which scares me to death running anywhere on the net, especially outside a firewall. The box was a Compaq Deskpro 486 - so there still is plenty of life left for antique hardware if one has the patience to get it running (many communication satellites are still at the 486 level - I haven't heard of a radiation hardened Pentium yet).

I also had suspicious activity on a Mac - the PowerComputing box running MacOS 8.1.
The network stack kept getting corrupted, and it couldn't connect to the Netatalk server or sometimes the printer. This was odd because from what I could gather, the only real security hole in MacOS 8.1 was if you had the Personal Web Server running - I had uninstalled it and had tested it from the network side with the Linux box and couldn't find any open ports. If anyone has any ideas on this one, I'd be glad to hear about it, though a Linux mailing list may not be the correct forum...

I dumped all my Windoze boxes after getting tired of Micro$oft pawing through everything on my hard drive every time I'd run an update - it was really interesting to watch the network traffic at packet level while the upgrade was under way.

Later,
Stephen

>This firewall is Linux/iptables, which is probably pretty common in
>this group. What are the other solutions on the list? Anyone with
>OpenBSD/pf?
>
>Cheers,
>
>James

------------------------------------
This is the Juneau-LUG mailing list.
To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with the word unsubscribe in the subject header.