Home

A Simple Linux Router Upgrade

Dec 24, 2001  By Phil Hughes
 in
A system crack leads our publisher to a quest for a router upgrade..

Linux Routers

Apparently as a Christmas present someone cracked into my old router for my home network. It looks like they couldn't do much because of the sparse configuration on that system but I decided it was time for an upgrade.

I was running a Debian distribution from a couple of years ago that I had configured myself to do IP Masquerading and some port mapping. All this on a 486/33 with a 500MB disk. What you might call a set it and forget it system.

Well, the crack inspired me to go for a change. I knew of a few single-floppy routers but had never configured one. This seemed like the perfect chance to try one out because it meant I didn't have to trash to running but insecure current config making it possible to fetch stuff off the net if my first try didn't work.

I decided to go for a quick search on freshmeat and see what was out there. The listings are alphabetical and the first I came to that sounded like it would work was BBIagent.net. This package offers a Linux 2.4.13 kernel, fits on one floppy and includes a form on the web site that you fill out to get your own custom floppy image. To top it all of it would run in 8MB of RAM--an easy fit for my huge 16MB system.

Once you boot it up you configure it remotely using a Java-enabled web browser on your LAN. Sounded secure enough so I went for it. After all, the price was right and it looked like very little work.

The configuration was almost a snap. That is, it was a snap but the first two disks I wrote weren't happy setting up my two 3C509 Ethernet cards. I had been thorough and gave I/O addresses and IRQs.

I decided being dumb was probably the way to go and told the config program I didn't know this info so it should auto-probe. Another boot and it worked like a charm.

Once you configure it from the browser you can save your configuration options to the boot floppy. That's about it. Now I just need to pop the case on the system and unplug the now unused hard drive.

email: phil@ssc.com

______________________

Phil Hughes

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Re: A Simple Linux Router Upgrade

Anonymous's picture
Submitted by Anonymous on Wed, 01/09/2002 - 03:00.

Read about some of the upcoming features in IPCop at http://slydder.homelinux.com/stories/op/storiesView/sid/60/

chuck

Re: A Simple Linux Router Upgrade

Anonymous's picture
Submitted by Anonymous on Sat, 01/12/2002 - 03:00.

Thanks! I love it. and no smoothwall team. ;)

Am also awaiting version 0.2 to be released now.

Steve

Re: A Simple Linux Router Upgrade

Michael's picture
Submitted by Michael (not verified) on Mon, 01/07/2002 - 03:00.

P.S.

It wouldn't hurt to change the sort order of comments posted so the newest show up on top.

Most users will get bored real quick and not look much further if they see old comments that don't look fresh right under an article.

Michael

Re: A Simple Linux Router Upgrade

Michael's picture
Submitted by Michael (not verified) on Mon, 01/07/2002 - 03:00.

How about telling us the 'sploit that got you compromised and how come you missed FreesCo?

Michael Hess

Editor, BBSNews

http://bbsnews.net

Re: A Simple Linux Router Upgrade

Anonymous's picture
Submitted by Anonymous on Wed, 01/02/2002 - 03:00.

Take a look at this one, a fork of another GPL project.
http://sourceforge.net/projects/ipcop/
IP Cop takes over a pc and provides logging, Snort IDS, VPN, Firewall, Transparent Proxy, DNS cache, and more.
Keep an eye on this one. The first _real_ release should be out by the middle of January. The current release is a shakedown cruise.

Re: A Simple Linux Router Upgrade

Anonymous's picture
Submitted by Anonymous on Mon, 12/31/2001 - 03:00.

I'm very sorry to hear your box was compromised. I would like to know how. I'm glad though that it caused you to check your configuration and to see what would be better of use for your needs.

As an article i find this story lacking. I would have liked to see a comparison between different solutions you (should have) tried. Now it it seems you just picked the first solution at hand and forgot about the rest. This is the kind of story you tell to your friends, or the kind of story i can read at various small linux-enthousiasts sites. This is not qiuet what i would expect from a source like LJ.

Like the new look of the site though...

Re: A Simple Linux Router Upgrade

Anonymous's picture
Submitted by Anonymous on Sun, 12/30/2001 - 03:00.

I think you could have done a better job on this short article--too short.

At least tell the reader in what way your system was compromised so that they can check their own system.

It would be easier to read if you had checked your grammar and english usage before posting this article--not very professional. This is a problem that is rampant in the technical community.

You should have included details related to upgrading the kernel, if necessary, the various routing applications i.e: ipchains, iproute, etcetera, and configuration information.

Try harder next time!

Re: A Simple Linux Router Upgrade

Anonymous's picture
Submitted by Anonymous on Wed, 01/02/2002 - 03:00.

The old adage of the pot & the kettle comes to mind.

As you seem to have an affinity for grammatical pedanticism, I am sure you will enjoy the errors I found in your own response:

1) The first sentence contains a syntax error. It includes an incomplete phrase;

2) The second sentence employs mixed tenses. The correct portion should read, "It would have been easier to read, had you checked your grammar before posting the article;" and,

3) The third sentence is a complete disaster due to a number of serious mistakes in syntax, punctuation and basic grammar. It needs to be completely rewritten.

You knew someone was going to do this, didn't you?

--

burns

Re: A Simple Linux Router Upgrade

Anonymous's picture
Submitted by Anonymous on Thu, 12/27/2001 - 03:00.

Could you give us some information as to in what way your original box was compromised?

Re: A Simple Linux Router Upgrade

fyl's picture
Submitted by fyl (not verified) on Fri, 12/28/2001 - 03:00.

Sure. A directory of break-in software appeared in /etc.
I don't know how it managed to get put there but I am guessing a bug in ftp. It appears that nothing was done with it (hard to be sure). The one thing that I noticed was that it needed Perl to run and the system does not have Perl on it. Also, the system only has 8MB of RAM which should slow down some approaches.

I have the files saved and, when I get a chance, will see what other interesting things they hold.

Re: A Simple Linux Router Upgrade

Anonymous's picture
Submitted by Anonymous on Sun, 01/13/2002 - 03:00.

I'm wondering how you have a working Debian box without Perl?

Upgrades (dpkg/apt) would almost surely be broken.

And why would one run an ftp daemon on a firewall anyway?

Re: A Simple Linux Router Upgrade

Anonymous's picture
Submitted by Anonymous on Sat, 01/05/2002 - 03:00.

You orginally stated that your box has sixteen megs of ram.

Re: A Simple Linux Router Upgrade

Anonymous's picture
Submitted by Anonymous on Thu, 12/27/2001 - 03:00.

one wonders how one could miss the linux router project. and, btw, ever thought of copy-protecting the whole shootin' match (the floppy, dude...)???

Re: A Simple Linux Router Upgrade

fyl's picture
Submitted by fyl (not verified) on Fri, 12/28/2001 - 03:00.

I didn't miss the LInux router project. I am well aware of it and expect most readers are as well. Had I not tripped on this different approach I would have loaded LRP. But, it's my nature to try alternatives--probably why I don't own any software from that big software marketing company in Redmond.

Re: A Simple Linux Router Upgrade

Anonymous's picture
Submitted by Anonymous on Wed, 12/26/2001 - 03:00.

What about logging?

Re: A Simple Linux Router Upgrade

fyl's picture
Submitted by fyl (not verified) on Wed, 12/26/2001 - 03:00.

If you are looking for a "who did what" log, this is the wrong answer. On the other hand, it goes way beyond what you get with an inexpensive box such as the Linksys. Of particular interest to me is the ability to redirect port numbers. Thus, you could have multiple web servers behind the router all serving port 80 but, from the outside you could select a destination by the port number.

Clearly, a Linux box can do a lot more than this guy but this guy does what I needed to do with virtually no setup work.

Re: A Simple Linux Router Upgrade

Anonymous's picture
Submitted by Anonymous on Fri, 07/04/2003 - 02:00.

Where I can find a free router soft how BBiagent or Microtic ?

Re: A Simple Linux Router Upgrade

Anonymous's picture
Submitted by Anonymous on Wed, 12/26/2001 - 03:00.

Depends what you mean by logging. It has built in logging which records how much data passed through the router, when the connection was made, and the total amount of time on line. If you have an unlimited internet access line, this probably don't mean much. But for those who have limited access, i.e. broadband access with limited free access per month, this is a useful feature.

Also, the latest version 1.4.1 has settings for priority routing i.e. TOS

White Paper
More Resources
Fabric-Based Computing Enables Optimized Hyperscale Data Centers

Today’s modular x86 servers are compute-centric, designed as a least common denominator to support a wide range of IT workloads. Those generic, virtualized IT workloads have much different resource optimization requirements than hyperscale and cloud applications. They have resulted in a “one size fits all” enterprise IT architecture that is not optimized for a specific set of IT workloads, and especially not emerging hyperscale workloads, such as web applications, big data, and object storage. In this report, you will learn how shifting the focus from traditional compute-centric IT architectures to an innovative disaggregated fabric-based architecture can optimize and scale your data center.

Learn More

Sponsored by AMD

White Paper
More Resources
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy

Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6

Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.

Learn more about catching the bad guy in this free white paper.

Learn More

Sponsored by DLT Solutions