Security

Captain Crunch's New Boxes, Part II

micsaund writes: "It looks like the infamous Captain Crunch has been toiling away for 3 years on a firewall now known as the Crunchbox. It runs OpenBSD and is administered via a web-based interface. Steve Wozniak is quoted as saying it's 'next to un-crackable.' Check it out at ShopIP. The Register also has an article on it. As an aside, since the Linux Router Project (LRP) appears to have been sold-out and GnatBox is a tad expensive, is anyone aware of some kind of 'packaged' firewall with a slick interface available for free?" We mentioned Draper's venture into firewalls last year, but there's been some progress since then.
  • Re:Wozniak? (Score:2, Insightful)

    by Drakin ( 415182 ) on Sunday March 03, 2002 @09:23PM (#3103379)
    He has the mentality for finding ways around security. Be it with technological gadgets, or otherwise.

    It's a matter of not knowing how, but thinking of how it could be attacked. Security isn't just about plugging holes, it's about thinking about new holes that could be used.
  • by mark-t ( 151149 ) <markt AT nerdflat DOT com> on Sunday March 03, 2002 @09:32PM (#3103405) Journal
    Maybe, except he didn't say that it _IS_ uncrackable, only 'next-to-uncrackable'. I realize that some may consider this nitpicking, but it isn't, really. Any non-trivial piece of software has bugs, and Steve Wozniak knows that just as well as any of us. This sort of comment is likely Woz's way of expressing the high degree of confidence he has in the product without making any sort of claim that could very possibly be proven false next week.
  • by gwernol ( 167574 ) on Sunday March 03, 2002 @09:32PM (#3103406)
    From the page at iShop.com:

    The latest attack signature libraries can be automatically updated from a centralized source of the computer security community.

    I am certainly not a security expert, but this seems like a potential weak point. If they can automatically change the rules the firewall uses, then in theory someone else could as well, if they cracked the update protocol.

    Does anyone know how they protect these updates so that they can't be intercepted and broken?
  • Re:Coyote Linux (Score:5, Insightful)

    by wholesomegrits ( 155981 ) <wholesomegrits@mch[ ]com ['si.' in gap]> on Sunday March 03, 2002 @10:06PM (#3103522)
    Maybe a few comments from De Raadt, the OpenBSD guy, regarding the intelligence of using a floppy disk [monkey.org] for your firewall are in order. The short and quick: it's a stupid idea. This thread seems to be dominated by the "let's entrust my entire network's security to a $.25 (or cheaper) part that has the highest failure rate of any storage medium ever." This isn't directed at you, servoled, but just a general note for the thread.
  • by Ben Wolfson ( 216575 ) on Sunday March 03, 2002 @10:08PM (#3103526)
    This f*cking article was up on the Reg® on the f*cking 27th of February! In the world *I* live in, that was last Wednesday! How the f*ck does this qualify as "news"?
    Did you know about it last Wednesday? I didn't. It's news to me.
  • LRP is now LEAF... (Score:5, Insightful)

    by phraktyl ( 92649 ) <wyattNO@SPAMdraggoo.com> on Sunday March 03, 2002 @10:23PM (#3103569) Homepage Journal

    LRP has been superseded by the LEAF project at http://leaf.sourceforge.net [sourceforge.net]. I'm running a current LEAF distro (Oxygen) and it's rock solid. There are quite a few different flavors, depending on your needs and experience level.

    From the LEAF site:

    An easy to use embedded Linux network appliance for use in small office, home office, and home automation environments. Although it can be used in other ways, it's primarily used as a gateway/router/firewall for Internet leaf sites.
    Last Oxygen release was about 2 weeks ago.
  • by Watts Martin ( 3616 ) <layotl&gmail,com> on Sunday March 03, 2002 @10:52PM (#3103644) Homepage

    You know, after reading the entire thing, I think both you and Dick should be taken out and spanked. :)

    It's obvious Dick is genetically incapable of responding civilly, and he should be physically prevented from responding to users. There are certain people who seem to revel in the Bastard Operator From Hell stereotype. One suspects he started his own company because if he tried to work for anyone else, they'd fire him, ideally with a cannon.

    Having said that, though, it's also clear that you simply weren't willing to take "it's a firewall, and isn't competing with a Linux distribution" for an answer. Dustmite didn't start out irritable--he got that way after explaining the rationale. Then doing it again. Then repeating himself. Over. And over. And over.

    Quite frankly, any engineer would have started sounding irritable by the end of that IRC log. He could have handled it better, but honestly, you didn't come across like you were going to accept any "closure" other than a Smoothwall employee saying, "Yes, it's a great idea to put GCC and a web server on our firewall, and we'll get right on it."

    It's interesting to hear these things about Smoothwall, though, since I work for a company that makes a box that competes with them. (Incidentally, our box does have a web server on its firewall if you want it. Dustmite is right: it's bad security to do that.)

  • by ahde ( 95143 ) on Sunday March 03, 2002 @11:41PM (#3103806) Homepage
    Name one reason _not_ to use 2.2?

    Before you say "ip tables" try and fit that on a floppy.

    2.2 kernels are safe, stable, secure, tested, well known, documented, efficient, lightweight, etc. The last known remote exploit was a DoS on 2.2.19 almost a year ago -- and most firewalls wouldn't have included the features that make it possible.

  • Re:Smoothwall (Score:2, Insightful)

    by jazman_777 ( 44742 ) on Monday March 04, 2002 @01:10AM (#3104105) Homepage
    Try OpenBSD. It's rock-solid secure. It'll give you what you want. And, compared to Morrell, Theo de Raadt (sp?) is a model of civility and diplomacy.
  • That Woz quote got me thinking...

    Let's say you have a good product and you want to get it endorsed. Bring it to a business guy, and he'll say: "This box is uncrackable. It's totally secure and cannot be compromised."

    Bring the same thing to a well-respected engineer and he might say: "It's darn near impossible to crack. Hey, nothing is impossible, and there's always a risk, but this product is as good as it gets."

    Too bad only the first endorsement would ever help sell the product.

  • by Yottabyte84 ( 217942 ) <yottabyte@@@softhome...net> on Monday March 04, 2002 @02:35AM (#3104307)
    Bastille doesn't do NAT, but it's great for firewalling your box.
  • Re: Silly FUD (Score:1, Insightful)

    by Anonymous Coward on Monday March 04, 2002 @10:26AM (#3105144)
    You dumbass, those are options that you have to manually turn on during the installation.

    By default it is set up simply as a firewall/router.

    Any distro is only as safe as the services it's running on open ports. duh.

    I looked at Clarkconnect, but I refuse to run it.

    You looked at what, the package listing on the website?
    You obviously didn't "look at" the distro enough to know what you're talking about.

    Who in the fuck modded this guy up anyway?
