Direct attach linux machine to the internet.

So, I have a Netgear router/fw that 'might be' on the fritz. Dropped packets, 21 ms to 700 ms response from Google DNS servers, etc. Tomorrow I'll dig up my old Linksys from the back of my car and try that out.

Wanting to cut it out of the loop for tonight, I direct-attached my box to the internet (PPPoE) and it got me thinking. Seems like there are a lot of exploits using unpatched routers; the vendors seem to come out with updates 'not too frequently' and I thought, if my home Linux box gets nightly updates, can't I just get some fw rules applied and call it a day? Kernel gets updated as soon as released, so I should be all set there, and I don't have multiple machines or wireless.

So I pressed on and loaded ufw and gufw and applied the 'public' rule set, which should be 'default drop' and 'let stuff out and stuff you requested in', and then I went to grc.com and ran ShieldsUP. I'm not posting the results, but not too impressive. Lots of stuff refusing connections that I would rather have dropped (stealth).

So I will need to heist a rule set from our Oracle Linux boxen @ work and use one of those. I'll need to figure out how to shut off network-manager under Ubuntu and just go back to 'manage by vi'; it is discouraging how little I know about Ubuntu configuration without the GUI.

Any comments or suggestions 'preciated.
 
A lot of it's personal preference. I actually prefer to use REJECT rather than DROP in my Linux firewall scripts because when the attacker sees evidence of firewalling (their packets just get dropped on the floor), then that gives them a bit of information. On the other hand, if they get back "connection refused" then they have to wonder--is it just that there's no process listening on that port? Or is there a firewall in place using REJECT instead of DROP?

I think as long as it's a "default deny" type of firewalling, that's the main thing.
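As an added example (not code from either poster), here is what the "default deny" host firewall described in the two posts above looks like as a small ufw script, with the incoming default switchable between deny (ufw's DROP, the "stealth" result ShieldsUP looks for) and reject (ufw's REJECT, the "connection refused" behaviour preferred in the reply). The function names and the FW_APPLY variable are my own; ufw is assumed to be installed, and nothing is applied unless FW_APPLY=1 is set.

```shell
#!/bin/sh
# Minimal ufw policy for a single Linux host plugged straight into the internet.
# Commands are printed; they are only executed when FW_APPLY=1 (run as root).

# Echo a command and run it only in apply mode.
run() {
    echo "$*"
    if [ "${FW_APPLY:-0}" = 1 ]; then
        "$@"
    fi
}

# Emit (and in apply mode execute) the ufw commands for the chosen inbound
# policy: "deny" silently drops unsolicited packets, "reject" answers them.
# Returns 1 on an unknown policy so a typo cannot leave the host wide open.
fw_rules() {
    policy="$1"
    case "$policy" in
        deny|reject) ;;
        *) echo "usage: fw_rules deny|reject" >&2; return 1 ;;
    esac
    run ufw --force reset                 # start from a clean ruleset
    run ufw default "$policy" incoming    # unsolicited inbound: drop or refuse
    run ufw default allow outgoing        # the host may initiate connections;
                                          # replies come back via conntrack
    run ufw default deny routed           # not a router: forward nothing
    run ufw logging low                   # log blocked packets, not every one
    run ufw --force enable
}

# Print the resulting policy so it can be compared with a ShieldsUP run.
fw_status() {
    run ufw status verbose
}

fw_rules deny && fw_status   # dry run by default; FW_APPLY=1 applies it
```

Re-run ShieldsUP after applying with FW_APPLY=1: with `deny` the probed ports should show as stealth, with `reject` as closed.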
 
Originally Posted By: abycat
can connections and cables affect your problem?


Yes, they can. My Linux box is on a 20 ft cable to the router. I simultaneously 'pinged' both the router and Google DNS.

If it were the connection (wire in my house to the router) the slow down would occur both to the router and to google. The slowdown was just to google.

About two years ago, I cut free from my house wiring and have one single connection directly from the box on my house (DSL) to the DSL modem; I can inspect the entire length of the wire. This is to avoid the usual "house wiring issue" AT&T tried to pass off my last two outages on.
 