
Ask Slashdot: Advice On Building a Firewall With VPN Capabilities? 238

Posted by timothy
from the thick-pipes-and-sturdy-valves dept.
An anonymous reader writes "I currently connect to the internet via a standard router, but I'm looking at bulking up security. Could people provide their experiences with setting up a dedicated firewall machine with VPN capabilities? I am a novice at Linux/BSD, so would appreciate pointers at solutions that require relatively little tweaking. Hardware-wise, I have built PCs, so I'm comfortable with sourcing components and assembling into a case. The setup would reside in my living room, so a quiet solution is required. The firewall would handle home browsing and torrenting traffic. Some of the questions knocking around in my head: 1. Pros and cons of buying an off-the-shelf solution versus building a quiet PC-based solution? 2. Software- versus hardware-based encryption: pros and cons? 3. What are minimum requirements to run a VPN? 4. Which OS to go for? 5. What other security software should I include for maximum protection? I am thinking of anti-virus solutions."

Akamai Warns: Linux Systems Infiltrated and Controlled In a DDoS Botnet 230

Posted by timothy
from the strutting-around-like-they-own-the-place dept.
An anonymous reader writes Akamai Technologies is alerting enterprises to a high-risk threat of IptabLes and IptabLex infections on Linux systems. Malicious actors may use infected Linux systems to launch DDoS attacks against the entertainment industry and other verticals. The mass infestation of IptabLes and IptabLex seems to have been driven by a large number of Linux-based web servers being compromised, mainly by exploits of Apache Struts, Tomcat and Elasticsearch vulnerabilities. Attackers have used the Linux vulnerabilities on unmaintained servers to gain access, escalate privileges to allow remote control of the machine, and then drop malicious code into the system and run it. As a result, a system could then be controlled remotely as part of a DDoS botnet. The full advisory is available for download only with registration, but the (Akamai-owned) Prolexic page to do so is quite detailed.

Internet Transit Provider Claims ISPs Deliberately Allow Port Congestion 210

Posted by timothy
from the please-open-the-porthole-a-bit dept.
An anonymous reader writes "Level 3, an internet transit provider, claimed in a recent blog post that six ISPs that it regularly does business with have refused to de-congest most of their interconnect ports. 'Congestion that is permanent, has been in place for well over a year and where our peer refuses to augment capacity.' Five of the six ISPs that Level 3 refers to are in the U.S., and one is in Europe. Not surprisingly, 'the companies with the congested peering interconnects also happen to rank dead last in customer satisfaction across all industries in the U.S. Not only dead last, but by a massive statistical margin of almost three standard deviations.' Ars Technica reports that ISPs have also demanded that transit providers like Level 3 pay for access to their networks in the same manner as fringe service providers like Netflix."

Comment: last mile access (Score 1) 135

by jaredmauch (#46867007) Attached to: Netflix Confirms Deal For Access To Verizon's Network

Now is the time, if you care, to have everyone you know stand up for *decreased* regulation in the last mile and locally, not more. The cost of building high speed access to your location is not in the long-haul but the local access network. Long-haul costs are at their lowest point ever, but getting to the major locations is always the expensive part. Labor costs, including engineering and permits, make the cost of installing fiber or other technology insignificant.


Amherst Researchers Create Magnetic Monopoles 156

Posted by timothy
from the can-we-call-them-dirac's-revenge? dept.
An anonymous reader writes "Nearly 85 years after pioneering theoretical physicist Paul Dirac predicted the possibility of their existence, an international collaboration led by Amherst College Physics Professor David S. Hall '91 and Aalto University (Finland) Academy Research Fellow Mikko Möttönen has created, identified and photographed synthetic magnetic monopoles in Hall's laboratory on the Amherst campus. The groundbreaking accomplishment paves the way for the detection of the particles in nature, which would be a revolutionary development comparable to the discovery of the electron." That's quite a step beyond detecting monopoles; the Nature abstract is online, but the full paper is paywalled.

Oracle Broadens Legal Fight Against Third-party Solaris Support Providers 142

Posted by Soulskill
from the friendly-neighborhood-corporation-looking-out-for-you dept.
angry tapir writes "Oracle is continuing its legal battle against third-party software support providers it alleges are performing such services in a manner that violates its intellectual property. Last week, Oracle sued StratisCom, a Georgia company that offers customers support for Oracle's Solaris OS, claiming it had 'misappropriated and distributed copyright, proprietary software code, along with the login credentials necessary to download this code from Oracle's password-protected websites.'"

FreeBSD 10.0 Released 136

Posted by samzenpus
from the brand-new dept.
An anonymous reader writes "FreeBSD 10.0 has been released. A few highlights include: pkg is now the default package management utility. Major enhancements in virtualization, including the addition of bhyve, virtio, and native paravirtualized drivers providing support for FreeBSD as a guest operating system on Microsoft Hyper-V. Support for the high-performance LZ4 compression algorithm has been added to ZFS and TRIM support for SSD has been added to ZFS. clang is the default compiler. This release has official Raspberry Pi support. For a complete list of new features and known problems, please see the online release notes and a quick FreeBSD installation video is here. FreeBSD 10.0-RELEASE may be downloaded via ftp or via a torrent client that supports web seeding."

Comment: Re:SubjectsInCommentsAreStupid (Score 1) 285

by jaredmauch (#45324047) Attached to: Ask Slashdot: Simple Backups To a Neighbor?

Fiber and media converters are suitably cheap. You can get the TP-LINK MC220-L for around $20-30, and the optic for as low as $35 depending on your source and type/distance. This works well as you don't have to worry about shielded cabling if you ran something like cat5/6. You can also reach much further distances than with copper wire. You don't necessarily need permits, but you do need to call MISS-DIG, or whatever the local version of that is. When the guy comes out, tell him exactly what you are planning on doing, route, possible routes, etc. Most places require a hand dig within a few feet of any marked utility. The rest you can use a rented trencher to do. Running conduit will make a lot of sense; you typically need schedule-80, which you won't find at Lowes/Home Depot. You can also call a contractor to do this work; depending on the distance it may only cost a few thousand dollars at most. If your goal is to keep things super-low cost, then wifi or other networking may be your ideal solution. Look at the hardware from and see what works. If you don't have line of sight, you will need to run a cable to make this work. If cost doesn't come into the equation, you can also get SFP+ PCIe cards and do this at 10Gb/s vs 1Gb/s much easier. Make sure you run single mode fiber, otherwise you may have troubles if you encounter older OM1/OM2 and try to launch 10G signals.

Hope it works out!

Comment: Properly configured hosts not impacted (Score 5, Informative) 179

by jaredmauch (#42046843) Attached to: NTP Glitch Reverts Clocks Back To 2000

If you saw this problem, your NTP time sources were not properly configured and diverse.

Consider using the NTP pool and not relying on so few sources to properly sync your time. Read 5.3.3 and 5.3.4 from for help to correct your NTP setup.


Wi-Fi Shown To Interfere With Aircraft Systems 300

Posted by Soulskill
from the nobody-tell-the-tsa dept.
lukehopewell1 writes "It's official: using Wi-Fi on a plane can interfere with a pilot's navigational equipment, according to airline equipment manufacturers Honeywell Avionics and Boeing today. Boeing confirmed to ZDNet Australia that the issue does exist, but said it has not delivered any planes suffering the fault. 'Blanking of the Phase 3 Display Units has been reported during airline EMI (electromagnetic interference) certification testing of wireless broadband systems on various Next-Generation 737 aeroplanes,' Boeing said."

Ask Slashdot: Could We Reconnect Eastern Libya? 290

Posted by timothy
from the who-is-this-we-paleface? dept.
GrumpyBagpuss writes "We all know that the internet is supposed to route around damage, but currently eastern Libya is off the net because all their connectivity goes through Tripoli. How difficult would it be to reconnect eastern Libya via a microwave link to Crete? It's less than 200km away; on the Libyan end there are mountains up to 850m and on Crete they're higher than 2000m. People have achieved distances of over 300km with simple WiFi equipment, but would it be possible to increase the bandwidth to handle a whole, or at least half a country? How would you connect the link at both ends? What other problems would there be? How many Pringles cans would we need?"

Obama Calling For $53B For High Speed Rail 1026

Posted by samzenpus
from the lyle-lanley-approved dept.
Antisyzygy writes "President Obama is calling for $53B to be appropriated for the construction of high-speed rail in the United States over the next 6 years. Assuming Congress approves this plan, the funding would be spent on developing and/or improving trains that travel at approximately 250 miles/hour, as well as spent on connecting existing rail lines to new developed high speed lines."

Comment: Re:do *not* Get a tunnel. (Score 1) 312

by jaredmauch (#35087124) Attached to: Last Available IPv4 Blocks Allocated

You're talking about small routers. I'm talking about stuff like the T1600 where everything is done entirely in hardware. If you look at the QFP in the ASR1k (Cisco) you will see where it can do the NAT, etc. in hardware. That's more sensible than a lot of the devices where things are just pure slow-path (i.e., punted to the CPU for the FIB lookup based on the various RIBs your device may have).

We're talking about entirely different classes [and engineered uses] of equipment, and that's obvious to me. Hope you understand that as well.

Comment: Re:do *not* Get a tunnel. (Score 1) 312

by jaredmauch (#35078746) Attached to: Last Available IPv4 Blocks Allocated

You are talking about a firewall device that performs NAT (and appears as a "router" on the LAN). Most of what you see at the store/online is not a "real" router IMHO. Then again, I'm biased as I deal with n*10G all day in a large network. When people call those devices at their home a 'modem' or 'router' I generally wince. I think of them more along the lines of a media converter (DSL, cable to RJ45/802.3).

Comment: do *not* Get a tunnel. (Score 1) 312

by jaredmauch (#35068128) Attached to: Last Available IPv4 Blocks Allocated

Real routers don't have 'state tables'.

Ask your ISP for IPv6 access. Enable your web server/site for IPv6 day. Use a 'web bug' tracker item to identify broken things.

Visit places like to try to understand how ready you are.

Make sure if you have a tunnel, or use one, you do not add too much latency to your connection. The CDNs won't send your traffic over IPv6 if your IPv6 goes to some other continent or geographical region.
