Captain Crunch's New Boxes, Part II
micsaund writes: "It looks like the infamous Captain Crunch has been toiling away for 3 years on a firewall now known as the Crunchbox. It runs OpenBSD and is administered via a web-based interface. Steve Wozniak is quoted as saying it's 'next to un-crackable.' Check it out at ShopIP. The Register also has an article on it. As an aside, since the Linux Router Project (LRP) appears to have been sold out and GnatBox is a tad expensive, is anyone aware of some kind of 'packaged' firewall with a slick interface available for free?" We mentioned Draper's venture into firewalls last year, but there's been some progress since then.
Re:Wozniak? (Score:2, Insightful)
It's a matter of not knowing how, but thinking of how it could be attacked. Security isn't just about plugging holes, it's about thinking about new holes that could be used.
Re:People shouldn't say these things! (Score:3, Insightful)
Is a remotely updatable firewall a good thing? (Score:4, Insightful)
The latest attack signature libraries can be automatically updated from a centralized source of the computer security community.
I am certainly not a security expert, but this seems like a potential weak point. If they can automatically change the rules the firewall uses, then in theory someone else could as well, if they cracked the update protocol.
Does anyone know how they protect these updates so that they can't be intercepted and broken?
Re:Coyote Linux (Score:5, Insightful)
Re:This article is a perfect example... (Score:2, Insightful)
LRP is now LEAF... (Score:5, Insightful)
LRP has been superseded by the LEAF project at http://leaf.sourceforge.net. I'm running a current LEAF distro (Oxygen) and it's rock solid. There are quite a few different flavors, depending on your needs and experience level.
From the LEAF site:
Last Oxygen release was about 2 weeks ago.
Re:Correct Smoothwall Archive URL (Score:4, Insightful)
You know, after reading the entire thing, I think both you and Dick should be taken out and spanked. :)
It's obvious Dick is genetically incapable of responding civilly, and he should be physically prevented from responding to users. There are certain people who seem to revel in the Bastard Operator From Hell stereotype. One suspects he started his own company because if he tried to work for anyone else, they'd fire him, ideally with a cannon.
Having said that, though, it's also clear that you simply weren't willing to take "it's a firewall, and isn't competing with a Linux distribution" for an answer. Dustmite didn't start out irritable--he got that way after explaining the rationale. Then doing it again. Then repeating himself. Over. And over. And over.
Quite frankly, any engineer would have started sounding irritable by the end of that IRC log. He could have handled it better, but honestly, you didn't come across like you were going to accept any "closure" other than a Smoothwall employee saying, "Yes, it's a great idea to put GCC and a web server on our firewall, and we'll get right on it."
It's interesting to hear these things about Smoothwall, though, since I work for a company that makes a box that competes with them. (Incidentally, our box does have a web server on its firewall if you want it. Dustmite is right: it's bad security to do that.)
Re:LRP "sold out" ? (Score:2, Insightful)
Before you say "ip tables" try and fit that on a floppy.
2.2 kernels are safe, stable, secure, tested, well known, documented, efficient, lightweight, etc. The last known remote exploit was a DoS on 2.2.19 almost a year ago -- and most firewalls wouldn't have included the features that make it possible.
Re:Smoothwall (Score:2, Insightful)
The difference between Business and Engineering (Score:3, Insightful)
Let's say you have a good product and you want to get it endorsed. Bring it to a business guy, and he'll say: "This box is uncrackable. It's totally secure and cannot be compromised."
Bring the same thing to a well-respected engineer and he might say: "It's darn near impossible to crack. Hey, nothing is impossible, and there's always a risk, but this product is as good as it gets."
Too bad only the first endorsement would ever help sell the product.
Re:LinuxMandrake SNF (Score:3, Insightful)
Re: Silly FUD (Score:1, Insightful)
By default it is set up simply as a firewall/router.
Any distro is only as safe as the services it's running on open ports. Duh.
I looked at Clarkconnect, but I refuse to run it.
You looked at what, the package listing on the website?
You obviously didn't "look at" the distro enough to know what you're talking about.
Who in the fuck modded this guy up anyway?