Randy Barlow <randy@×××××××××××××××××.com> writes:

> reader@×××××××.com wrote:
>> I mean if
>> you connect it to any machine in the diagram or elsewhere wouldn't you
>> be exposing that machine to the unfiltered internet?
>
> I think that's the idea here - to see the difference between the two
> sides of the router.
|
If that is the case then I guess I don't see how the quote below
applies. From Mick in his initial reply:
|
> A rather simpler solution to do this would be to get hold of hub,
> connect it to the firewall and watch everything that passes through
> it.
|
I realize you are not who made the reply I quote above but:
|
If you still have to come up with a hardened interface to the hub then
how is it simpler?
|
Further, since the router is switched then you'd really need two hubs.
One on each side, if the aim were to compare what is coming and what is
getting thru. So we're getting further and further away from `rather
simpler'
|
Come up with the hardened interface and forget the hub[s]. As I said
my router offers to send all the bounced traffic to a designated DMZ.
|
I am probably not interested enough right now to build up a whole
different machine to talk to the hub or be the DMZ. So if you are
pretty convinced doing it from a VMgentoo appliance running on one of
the win boxes then I'll probably just keep fiddling around with the
logs produced by the router.
... Thanks
|
--
gentoo-user@g.o mailing list |