[Firehol-support] Key loggers and others that communicate back to a base

Tsaousis, Costa costa at tsaousis.gr
Wed Sep 3 02:04:51 CEST 2014


Also, since in your setup I don't see Windows machines or Linux servers
accessible from the internet, I don't really see the risk.
Linux does not suffer from malware to the extent the Windows world does. I
believe you are ok the way you are now.

Of course, if you just want to learn, Rick's suggestion is perfect...

Costa





On Wed, Sep 3, 2014 at 2:46 AM, Rick Marshall <rjm at zenucom.com> wrote:

> You need to have your main machine act as the firewall - ie all traffic
> routed to it and then it routes to the modem/router.
>
> {home network}  <->  {ubuntu firewall} <-> {ADSL modem}
>
> ie the ADSL modem should only work as a switch and the default route for
> all machines should be via your firewall. Then you can be happy.
>
> NB your firewall will work best with 2 interfaces, but this is not
> essential. The home network can use the ADSL modem as a switch, but again a
> separate switch would be better.
>
>   *Rick Marshall*
> Technical Director
> Zenucom Pty Ltd
> 0411 287 530  http://www.zenucom.com
> Help Desk | 1300 752 172
> PO Box 1465, Port Macquarie NSW 2444
>
> On 3 Sep 2014, at 9:25 am, Robin <rgs at creasehuggett.co.uk> wrote:
>
>  My setup is that I have a main desktop Ubuntu machine, and a second
> ubuntu machine that I use as a media center that is attached to my TV and
> accesses the internet via the same ADSL router.  I also have a dvr that is
> directly connected to the router, and that is used to access videos stored
> on the main desktop machine. I use rygel as the DLNA controller.  I also
> use VPN occasionally. Then there is the suggestion from Costa, which I
> would like to incorporate into the setup.
>
> Has anyone done something similar in Firehol that I could copy or at least
> use as a starter or am I being over ambitious in what I would like to do
> with Firehol?
>
> Robin
>
>  Tsaousis, Costa wrote on 03/09/14 00:04:
>
>
>  Firehol will do just fine allowing very specific services from your LAN
> machines to the internet.
> For HTTP/HTTPS I suggest to install a proxy and control the allowed URLs
> there. So, direct layer 3 HTTP/HTTPS should not be allowed. Only through
> the proxy. Firehol can also set up a transparent HTTP proxy for you (but not
> HTTPS - HTTPS cannot be intercepted - the clients will have to be
> configured to use the proxy for HTTPS).
>
>  Costa
>
>
>
> On Wed, Sep 3, 2014 at 1:35 AM, Whit Blauvelt <whit at transpect.com> wrote:
>
>> To the degree it can set what types of services you can be a client of,
>> yes.
>> But if the key logger or whatever is using an HTTP(S) POST or GET to send
>> your data across, and you allow HTTP(S) clients out over the firewall,
>> you've still got trouble.
>>
>> You could allow only HTTP(S) clients to connect to specific IPs. For most of
>> us, that would be a nonstarter. But if you wanted to have a system that
>> could only connect to your bank, and your bank's at a fixed IP, you could
>> easily do that.
>>
>> Whit
>>
>> On Tue, Sep 02, 2014 at 08:45:14PM +0100, Robin wrote:
>> > I feel I need to install a firewall and ubuntu comes with a very simple one,
>> > but I noticed it did not stop outgoing comms, or provide for a white list,
>> > dealing with communications going from key loggers, zombie machines, etc.
>> > Does firehol help in this regard?
>> >
>> >
>>
>>  > _______________________________________________
>> > Firehol-support mailing list
>> > Firehol-support at lists.firehol.org
>> > http://lists.firehol.org/mailman/listinfo/firehol-support
>>
>
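
The layout discussed in this thread (firewall between the home network and the ADSL modem, only specific services allowed out, web traffic only through a proxy) could be written as a firehol.conf along these lines. This is an added sketch, not a configuration posted by anyone in the thread. It assumes a FireHOL release that accepts `version 6`, two interfaces named eth0 (home LAN) and eth1 (towards the modem), and a Squid proxy on the firewall itself running as user "proxy" on port 3128; the list of routed services is an illustrative choice.

```firehol
version 6

# Assumed names: eth0 = home LAN, eth1 = link to the ADSL modem.
# Assumed: Squid runs on this firewall as user "proxy", listening on 3128.

# Plain HTTP arriving from the LAN is redirected into the local proxy.
# HTTPS is not intercepted: clients must be configured to use the proxy.
transparent_squid 3128 "proxy" inface eth0

# What LAN hosts may reach on the firewall itself.
interface eth0 lan
    policy reject
    server "dns dhcp ssh squid" accept

# What the firewall itself (including the proxy) may do towards the internet.
# The proxy is the only HTTP/HTTPS client; URL allowlisting is done in the
# proxy's own configuration, not here.
interface eth1 internet
    protection strong
    policy drop
    client "dns ntp http https" accept

# Traffic forwarded from LAN hosts to the internet: an explicit allowlist.
# http and https are deliberately absent, so a LAN program that tries to
# POST data straight out is rejected instead of bypassing the proxy.
router lan2internet inface eth0 outface eth1
    masquerade
    policy reject
    route "ntp imaps" accept
```

Rejected outbound attempts then show up in the firewall log, which is where an unexpected program trying to phone home becomes visible.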