
Building a hardware firewall?


11 replies to this topic

#1 ScathEnfys

ScathEnfys

    Bleeping Butterfly


  • Members
  • 1,375 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Deep in the Surface Web
  • Local time:04:01 AM

Posted 22 January 2016 - 04:07 PM

Is it possible to do this? I would assume you could just build a fairly cheap machine, set it up with a firewall, and stick a couple of 10GbE cards in it. Would this work or is there something I'm missing?
Proud system builder, modder, and watercooler.

GitHub | SoundCloud | Keybase


 


#2 CyberSec_ET

CyberSec_ET

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Forestville California
  • Local time:12:01 AM

Posted 22 January 2016 - 04:15 PM

This video shows how to achieve this:

 

https://www.youtube.com/watch?v=SaeCxovsCVc


Edited by CyberSec_ET, 22 January 2016 - 04:17 PM.


#3 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:01 AM

Posted 24 January 2016 - 01:23 PM

Yes, you can do this.

Or you can buy one of those routers that can have their firmware replaced with open source firmware.

Or even buy dedicated hardware, like Soekris.


Edited by Didier Stevens, 24 January 2016 - 03:18 PM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#4 ScathEnfys

ScathEnfys

    Bleeping Butterfly

  • Topic Starter

  • Members
  • 1,375 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Deep in the Surface Web
  • Local time:04:01 AM

Posted 24 January 2016 - 02:22 PM

So a router running openWRT or similar will have the same capabilities?

#5 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:01 AM

Posted 24 January 2016 - 02:26 PM

ScathEnfys said: "So a router running openWRT or similar will have the same capabilities?"

 

The same capabilities compared with what?




#6 ScathEnfys

ScathEnfys

    Bleeping Butterfly

  • Topic Starter

  • Members
  • 1,375 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Deep in the Surface Web
  • Local time:04:01 AM

Posted 24 January 2016 - 03:08 PM

Sorry, I didn't explain. Same / similar capabilities to a dedicated firewall running an open source firewall OS / lightweight Linux and an SPI firewall + NIDS.

#7 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:01 AM

Posted 24 January 2016 - 03:17 PM

OpenWRT is based on the Linux kernel and supports netfilter and Snort, so I guess it offers similar features as a dedicated firewall.




#8 Agentspade

Agentspade

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:U S Of A
  • Local time:02:01 AM

Posted 03 February 2016 - 05:27 AM

Get this: https://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx

 

And this: http://www.amazon.com/Intel-Fanless-Mini-ITX-D2500CCE-PD12TI/dp/B008KB5YCK/ref=cm_cr_pr_product_top?ie=UTF8

 

Upgrade the RAM to 2 more GBs. You will need a small SSD or platter.

 

Many other users recommend pfSense. But if you don't have a server or anything running on your home network, like a mail server, then all you need is a good router and perhaps Comodo Firewall. I like to monitor outbounds, hence the software-based firewall.

 

This router is pretty good. http://www.newegg.com/Product/Product.aspx?Item=N82E16833320091

 

Flash with DD-WRT. http://www.dd-wrt.com/phpBB2/viewtopic.php?t=171783&highlight=


Edited by Agentspade, 03 February 2016 - 05:31 AM.


#9 Smsec

Smsec

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:01 AM

Posted 03 February 2016 - 11:43 PM

There's a pfSense version that runs on a flash card. Steve Gibson over at GRC.com mentions in a podcast that he likes the Soekris and pcengines.ch hardware for pfSense. Transcript: https://www.grc.com/sn/sn-534.htm. I think you can build one for around $125.00.

 

My pfSense FW runs on an old Neoware thin client that I picked up on eBay a few years ago. Very quiet and doesn't use much power since there's no spinning disk and no fan.



#10 JohnnyJammer

JohnnyJammer

  • Members
  • 1,122 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:06:01 PM

Posted 14 February 2016 - 05:33 PM

Ever tried MikroTik routers? Very robust boxes hey and fairly cheap, a lot of the USA military use them.



#11 ouroborus

ouroborus

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:01 AM

Posted 15 February 2016 - 11:14 PM

Agentspade said: "But if you don't have a server or anything running on your home network like a mail server then all you need is a good router and perhaps Comodo Firewall."

 

I've discovered Comodo is a really bad idea on a 10GbE connection. What would otherwise be ~9.5Gbps is brought down to ~1.5Gbps. Even gigabit ethernet takes a considerable hit when using Comodo.



#12 daveydoom

daveydoom

  • Security Colleague
  • 108 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ontario, Canada
  • Local time:03:01 AM

Posted 16 February 2016 - 02:11 PM

I've been using a SmoothWall since around 2003:

 

http://www.smoothwall.org/

 

An older computer with two or more network cards and you're good to go.


"A computer beat me in chess, but it was no match when it came to kickboxing"
-Emo Philips





