Nekochan Net


All times are UTC - 8 hours


Posted: Sat Oct 07, 2006 6:05 pm

Joined: Sat Oct 18, 2003 2:09 pm
Posts: 136
I have one dying Pentium133. It has been my trusty firewall and lame web server (http, mysql, ssh) for years.

I have two boxes available: another Pentium133 with OpenBSD and an Indy R4k with IRIX 6.5 (just the plain foundation discs installed yet, but I have the 6.5.22 discs somewhere).

I confess I've only used IRIX to run visualization programs; I don't even know how to start setting it up as a firewall. Is it a good idea?


Posted: Sat Oct 07, 2006 6:55 pm
Moderator

Joined: Mon Jun 06, 2005 8:53 pm
Posts: 2858
Location: USA
While there are some docs on the net about securing IRIX and configuring ipfilters, I'd go with OpenBSD for a firewall -- clear track record, excellent documentation, secure "by default", and so on. I'm not saying that it's impossible to use IRIX as a firewall system, just that it will take a lot more effort and knowledge to secure it and to keep it secure.


Post subject: firewall
Posted: Sat Oct 07, 2006 7:17 pm

Joined: Wed Jul 19, 2006 7:37 am
Posts: 5735
Location: Renton, WA
Especially considering that with IP24 you're limited to IRIX 6.5.22 and down, and no new security patches are being built for those releases (patches are only verified on current release c, c-1, c-2, c-3).

Another good reason is that you are experienced building firewalls in xBSD. You could have some problems if you're learning on something that security-critical :shock:. Not will, just could, and there's no reason to risk it. Have some fun with the Indy instead.


Posted: Thu Oct 12, 2006 3:37 pm

Joined: Sat Oct 18, 2003 2:09 pm
Posts: 136
Thanks for the tips! I've just realised also that I only have one network interface in the Indy :) so it's not really an option. Well, back to trying to make it display full screen MPEG video then... eventually... damn procrastination!


Posted: Thu Sep 18, 2008 10:18 am

Joined: Sat Sep 06, 2008 2:21 pm
Posts: 51
Location: Nashville, TN USA
You may be interested in the m0n0wall and pfsense projects. They're both embedded distributions based on FreeBSD.

http://www.m0n0.ch/
http://www.pfsense.org/

They should work on a P133, but I haven't tried it on that old of a system. I have a converted thin client running m0n0wall based on a Geode 300MHz processor.

It may be worth a try. Good luck in whatever you choose.

_________________
End of line.
:Octane: (SGI Octane, 175MHz R10000, 512MB RAM, hard disk pulled, will be working on further)
:O2: (SGI O2, 195MHz R10000, 384MB RAM, 4GB SCSI disk with IRIX 6.5)
:Indy: (SGI Indy, 150MHz R5000SC, 16MB RAM, two 4GB disks running IRIX 5.3)
:Indigo2IMP: (SGI Indigo2 Extreme, 200MHz R4400SC, 128MB RAM, 9GB disk with IRIX 6.5, will upgrade RAM, processor and graphics to MaximumIMPACT)

HP ProLiant DL360 G3 - dual Intel Xeon 2.8GHz, 2.5GB RAM, Ultra320 SCSI
Looking at obtaining more SGI hardware again!


Posted: Thu Sep 18, 2008 9:18 pm

Joined: Mon Jan 29, 2007 5:57 pm
Posts: 306
Location: Copenhagen - Denmark
The only thing secure about IRIX is that it's so old nobody remembers how to break it...

No, seriously. Go for OpenBSD. You'll love it.


Posted: Fri Sep 26, 2008 11:21 pm

Joined: Sat Mar 18, 2006 2:03 pm
Posts: 179
Location: Mons, Belgium
$DEITY knows I love IRIX but its security features are a joke. Go OpenBSD, you won't regret it.

_________________
SGI: :Indigo2IMP: :Fuel: :O2: :Octane2:
Sun: Ultra2, Ultra60, Sun Fire 4800
Apple: G3, Powermac G4 MDD, PowerMac G5, Mac Mini, iBook G4 12", MBP
Dec 3000
IBM RS/6000
AMD64 FreeBSD box


Posted: Wed Dec 03, 2008 8:44 am

Joined: Sat Jul 07, 2007 1:19 am
Posts: 301
Location: Slovakia
Out of curiosity, how much electricity does an Indy R4k draw?

_________________
:Indigo2IMP: :Octane: This post was typed using dvorak keyboard layout - http://www.dvzine.org


Posted: Wed Dec 03, 2008 10:22 am

Joined: Wed Nov 19, 2008 3:13 pm
Posts: 11
Security by obscurity ;) OpenBSD + SGI hardware for a firewall is a kick-ass combination,
but SUN hardware is also a good choice as Risk architecture are less prone to buffer overflows (not that any is known for OpenBSD, but still).
I would try to avoid i386 hardware for a firewall just because every idiot now is playing with that hardware.
On the other hand, if you want to save money on your electric bill, fanless MiniITX motherboards are a great way to go. They run i386, however.


Posted: Wed Dec 03, 2008 1:56 pm

Joined: Wed Jul 19, 2006 7:37 am
Posts: 5735
Location: Renton, WA
The new x86s have execute disable, and with a well-built firewall there won't be many holes to get into anyway. Indeed, a case could be made favoring a big arch (x86, SPARC, probably AXP), as more people will be looking for the little issues and fixing them, and while very few issues will be platform-dependent, you know the x86 ones will be found and fixed. Just keep on top of things and you'll be fine.

The big downside with many workstations as firewalls (especially old workstations) is finding the second network interface. Indigo/Indy really loses out there. SBus is pretty common, but it's hard to argue with a well-built PCI PC (emphasis on well-built; junk H/W will make your life miserable with problems).

_________________
Damn the torpedoes, full speed ahead!

There are those who say I'm a bit of a curmudgeon. To them I reply: "GET OFF MY LAWN!"

:Indigo: :Octane: :Indigo2: :Indigo2IMP: :Indy: :PI: :O3x0: :ChallengeL: :O2000R: (single-CM)


Posted: Wed Dec 03, 2008 5:09 pm

Joined: Mon Jan 29, 2007 5:57 pm
Posts: 306
Location: Copenhagen - Denmark
toxygen wrote:
Out of curiosity, how much electricity does an Indy R4k draw?


I think I measured mine to be in the 50-60W range with a newish 15k RPM disk.


Posted: Sun Dec 21, 2008 6:49 am

Joined: Sat Dec 18, 2004 8:21 am
Posts: 301
Location: Stockholm, Sweden
Scrap the Pentium and use NetBSD on the Indy ;)

_________________
SGI Systems: R4K :Indigo:/256MB/XS-24, R5K 150MHz :Indy:/160MB/XL-24, R10K 175MHz :O2:/640MB, R12K 400MHz :Octane2:/Vpro6/1GB & R4K 250 MHz :Indigo2IMP:/128 MB/XZ Extreme/GIO64 FDDI

"It's a UNIX system! I know this! "


Posted: Mon Dec 22, 2008 5:52 pm

Joined: Wed Nov 01, 2006 10:37 pm
Posts: 2914
Location: NZ
Oko wrote:
Risk architecture


Do you mean RISC?

Oko wrote:
... are less prone to buffer overflows


Do they not use return addresses on the stack?

_________________
Land of the Long White Cloud and no Software Patents.


Posted: Mon Dec 22, 2008 6:33 pm

Joined: Tue Aug 21, 2007 9:12 pm
Posts: 2725
Location: Kentucky, USA
Why not go with a small and cheap Linksys or Netgear (or similar) router?

_________________
Image (8x3.0g) Image (2x1.4g) Image (vaio fit)
Previously: :Octane: :Octane: :Octane: :O2: :O2: :Indigo2IMP: :Onyx:

"The Barbecue Ghost and Fernando Torres are friends."


Posted: Fri Dec 26, 2008 5:39 am

Joined: Sun May 27, 2007 2:26 pm
Posts: 211
Location: Richmond, VA, USA
porter wrote:
Oko wrote:
Risk architecture


Do you mean RISC?

Oko wrote:
... are less prone to buffer overflows


Do they not use return addresses on the stack?


Mostly, it's that most buffer-overflow-based shellcode exploits use x86 opcodes in their trickery; this will just explosively segfault on a MIPS or other non-x86. I once built a webserver using a SPARC machine in part because of this. (The customer in question wanted Apache+Solaris+PostgreSQL+Python regardless of arch, though.)

