[Firehol-support] Key loggers and others that communicate back to a base
Rick Marshall
rjm at zenucom.com
Wed Sep 3 00:46:17 BST 2014
You need to have your main machine act as the firewall, i.e. all traffic is routed to it and then it routes to the modem/router.
{home network} <-> {ubuntu firewall} <-> {ADSL modem}
i.e. the ADSL modem should only work as a switch and the default route for all machines should be via your firewall. Then you can be happy.
NB your firewall will work best with 2 interfaces, but this is not essential. The home network can use the ADSL modem as a switch, but again a separate switch would be better.
Rick Marshall
Technical Director
Zenucom Pty Ltd
0411 287 530 http://www.zenucom.com
Help Desk | 1300 752 172
PO Box 1465, Port Macquarie NSW 2444
On 3 Sep 2014, at 9:25 am, Robin <rgs at creasehuggett.co.uk> wrote:
> My setup is that I have a main desktop Ubuntu machine, and a second Ubuntu machine that I use as a media center that is attached to my TV and accesses the internet via the same ADSL router. I also have a DVR that is directly connected to the router, and that is used to access videos stored on the main desktop machine. I use rygel as the DLNA controller. I also use VPN occasionally. Then there is the suggestion from Costa, which I would like to incorporate into the setup.
>
> Has anyone done something similar in Firehol that I could copy or at least use as a starter or am I being over ambitious in what I would like to do with Firehol?
>
> Robin
>
>> Tsaousis, Costa wrote on 03/09/14 00:04:
>>
>>
>> Firehol will do just fine allowing very specific services from your LAN machines to the internet.
>> For HTTP/HTTPS I suggest installing a proxy and controlling the allowed URLs there. So, direct layer 3 HTTP/HTTPS should not be allowed, only through the proxy. Firehol can also set up a transparent HTTP proxy for you (but not HTTPS - HTTPS cannot be intercepted - the clients will have to be configured to use the proxy for HTTPS).
>>
>> Costa
>>
>>
>>
>> On Wed, Sep 3, 2014 at 1:35 AM, Whit Blauvelt <whit at transpect.com> wrote:
>> To the degree it can set what types of services you can be a client of, yes.
>> But if the key logger or whatever is using an HTTP(S) POST or GET to send
>> your data across, and you allow HTTP(S) clients out over the firewall,
>> you've still got trouble.
>>
>> You could allow only HTTP(S) clients to connect to specific IPs. For most of
>> us, that would be a nonstarter. But if you wanted to have a system that
>> could only connect to your bank, and your bank's at a fixed IP, you could
>> easily do that.
>>
>> Whit
>>
>> On Tue, Sep 02, 2014 at 08:45:14PM +0100, Robin wrote:
>> > I feel I need to install a firewall and ubuntu comes with a very simple one,
>> > but I noticed it did not stop outgoing comms, or provide for a white list,
>> > dealing with communications going from key loggers, zombie machines, etc.
>> > Does firehol help in this regard?
>> >
>> >
>>
>> > _______________________________________________
>> > Firehol-support mailing list
>> > Firehol-support at lists.firehol.org
>> > http://lists.firehol.org/mailman/listinfo/firehol-support
>>
>>
>
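A FireHOL configuration for the topology Rick describes (a two-interface Ubuntu firewall between the home network and the ADSL modem), combining Costa's proxy-only web policy and Whit's fixed-IP exception. This is an added illustration, not a config from the thread or the FireHOL project; the interface names, addresses, the squid user and the proxy port 3128 are assumptions.

```firehol
version 6   # assumed FireHOL 2.x config format; FireHOL 1.x uses "version 5"

# Assumed names and addresses (not from the thread):
lan="eth0"              # interface towards the home switch (the modem used as a switch)
wan="eth1"              # interface towards the ADSL modem's router port
home="192.168.1.0/24"   # home network
bank="203.0.113.10"     # Whit's "bank at a fixed IP" example (documentation address)

# Plain HTTP from the LAN is redirected to the local proxy on port 3128,
# except traffic generated by the proxy itself (users squid and root).
# HTTPS cannot be intercepted this way: clients must be configured to use the proxy.
transparent_proxy "80" 3128 "squid root" inface "${lan}" src "${home}"

# Traffic to/from the firewall box itself, home side.
interface "${lan}" home src "${home}"
    policy reject
    protection strong
    server ssh accept
    # explicit proxy port, used by clients for HTTPS (CONNECT) and by browsers
    server custom proxy tcp/3128 default accept
    client all accept

# Traffic to/from the firewall box itself, internet side.
# Only what the box and its proxy need: DNS, NTP and the proxy's own HTTP(S).
interface "${wan}" internet src not "${UNROUTABLE_IPS}"
    policy drop
    protection strong
    client dns accept
    client ntp accept
    client http accept
    client https accept

# Forwarded traffic. In a router, "client" means requests from the outface (LAN)
# towards the inface (internet). Anything not listed is dropped, so a key logger
# on a LAN machine cannot simply POST its data out over direct HTTP(S).
router net2lan inface "${wan}" outface "${lan}"
    policy drop
    protection strong
    masquerade reverse                    # NAT on the inface (the ADSL side)
    client dns accept
    client ntp accept
    client openvpn accept                 # Robin's occasional VPN use
    client https accept dst "${bank}"     # the only direct HTTPS destination allowed
    # No general "client http/https accept" here: web traffic goes via the proxy only.
    # LAN-to-LAN traffic (DLNA/rygel, the DVR) stays on the switch and never crosses this router.
```

LAN machines need their default route pointed at the firewall's "${lan}" address, as Rick says, otherwise they bypass this router entirely.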