hi all i want to use two machines as gateways as vpn for connecting two corporates also i want to use IPsec as firewall what can i do now???
===== upendra gandhi CIW ASSOCIATE (Server Admin.Internetworking Professional, Security Professional) http://home.graffiti.net/upengan78 upengan78@hotmail.com pengan78@linuxfreemail.com upengan78@epatra.com upengan78@graffiti.net upengan1978@netscape.net upengan78@hotpop.com
"THE LIVING GOD IS WITHIN YOU" Dearest 'swami vivekananda'
__________________________________________________ Do you Yahoo!? Yahoo! News - Today's headlines http://news.yahoo.com
--- upendra gandhi upengan1978@yahoo.com wrote:
hi all i want to use two machines as gateways as vpn for connecting two corporates also i want to use IPsec as firewall what can i do now???
[snip] readup freeswan.org. Thatz all u'll ever need.
There r also numerous commercial implementations of FreeSwan available. C wat u find suitable.
Trevor
===== upendra gandhi CIW ASSOCIATE (Server
===== ( >- GNU/LINUX, It's all about CHOICE -< ) /~\ __ http://www.qmailtheeasyway.com __ /~\ | ) / mailto: trevor.w@media.mit.edu \ (/ | |_|_ \ Research Asst, MediaLab / _|_| ___________________________________/
__________________________________________________ Do you Yahoo!? Yahoo! News - Today's headlines http://news.yahoo.com
Hello luggers....;)
Time for a little challenge for all of u....:)) Time to put on ur thinking caps nd start hackin @ that old mean gnu-linux b ox of urs.....
Attached below is a file..... or if the admin doesn't allow this to get thro, just download it frm the location as mentioned below.
-->http://www.qmailtheeasyway.com/rel/probably_mishap
--> Situation <--
A stock installation of RH7.2 with XFS running the followign daemons.
--> MySQLd --> Apache(Patched for latest exploits) --> SSHd(Unpatched but runnin on a very high port)
A binary running from /tmp called as .uubugtraq --> /tmp/.uubugtraq owned by apache:apache consuming abt 3-4% system resources. --> Runing for sometime as user apache, don't know if root has been compromised. --> /bin/ls nd /bin/ps r the same with no change to some basic imp system binaries. --> "ps eaxf" showed the following......."/tmp/.uubugtraq 130.111.61.232" with 2 threads spawned frm the main process.
Itz not very obvious watz the conclusion......but tell me wat u figure out from this nd watz is the binary doin connection to that dude's server.
Trevor
===== ( >- GNU/LINUX, It's all about CHOICE -< ) /~\ __ http://www.qmailtheeasyway.com __ /~\ | ) / mailto: trevor.w@media.mit.edu \ (/ | |_|_ \ Research Asst, MediaLab / _|_| ___________________________________/
__________________________________________________ Do you Yahoo!? Yahoo! News - Today's headlines http://news.yahoo.com
hi all i want to use two machines as gateways as
vpn
for connecting two corporates also i want to use IPsec as firewall what can i do now???
[snip] readup freeswan.org. Thatz all u'll ever need.
There r also numerous commercial implementations of FreeSwan available. C wat u find suitable.
By far the best commercial product available is snapgear. Try www.snapgear.com.
-- Ashok
__________________________________________________ Do you Yahoo!? Yahoo! News - Today's headlines http://news.yahoo.com
hellew, IPsec is not a firewall, its a tunneling and (optionally)encryption standard .Do u need a firewall or secure transport? I dont know about snapgear, but the best commercial box is the Nortel Contivity - most big firms worldwide use this for ipsec. The key issue here is, how many sessions are estimated? Linux box plus its hardware can only take so much, since encryption/decryption are processor-intensive, so you might have a drop in link throughput - so size the box carefully.
regards, kishor
--- Ashok Iyer ashok_linux@yahoo.com wrote:
hi all i want to use two machines as gateways as
vpn
for connecting two corporates also i want to use IPsec as firewall what can i do now???
[snip] readup freeswan.org. Thatz all u'll ever need.
There r also numerous commercial implementations of FreeSwan available. C wat u find suitable.
By far the best commercial product available is snapgear. Try www.snapgear.com.
-- Ashok
Do you Yahoo!? Yahoo! News - Today's headlines http://news.yahoo.com
__________________________________________________ Do you Yahoo!? Yahoo! News - Today's headlines http://news.yahoo.com
--- kishor bhagwat aaaaarrrgghhh@yahoo.com wrote:
hellew, IPsec is not a firewall, its a tunneling and (optionally)encryption standard .Do u need a firewall or secure transport?
[snip] Think he wants secure encrypted transmission of bitz/bytez.
.
The key issue here is, how many sessions are estimated? Linux box plus its hardware can only take so much, since encryption/decryption are processor-intensive, so you might have a drop in link throughput - so size the box carefully.
[snip] Is there any thumb rule as to wat throput would warrant what kind of a config for the gnu-linux freeswan/ipsec box....??
This is wat usually happens.......nd a rough estimate comes thro hours of deployment/management of these boxen. If some firsthand info would b available.....it would make more sense to the amateurs like theone who asked the question.
Trevor
regards, kishor
--- Ashok Iyer ashok_linux@yahoo.com wrote:
hi all i want to use two machines as gateways
as
vpn
for connecting two corporates also i want to use IPsec as firewall what can
i do
now???
[snip] readup freeswan.org. Thatz all u'll ever need.
There r also numerous commercial
implementations
of FreeSwan available. C wat u find suitable.
By far the best commercial product available is snapgear. Try www.snapgear.com.
-- Ashok
Do you Yahoo!? Yahoo! News - Today's headlines http://news.yahoo.com
http://mm.ilug-bom.org.in/mailman/listinfo/linuxers
Do you Yahoo!? Yahoo! News - Today's headlines http://news.yahoo.com
===== ( >- GNU/LINUX, It's all about CHOICE -< ) /~\ __ http://www.qmailtheeasyway.com __ /~\ | ) / mailto: trevor.w@media.mit.edu \ (/ | |_|_ \ Research Asst, MediaLab / _|_| ___________________________________/
__________________________________________________ Do you Yahoo!? Yahoo! News - Today's headlines http://news.yahoo.com
-
Ashok Iyer -
kishor bhagwat -
Trevor Warren -
upendra gandhi