What is the modern "Floppy-Based" router based on?
Kelsay, Brian - Kansas City, MO
brian.kelsay at kcc.usda.gov
Wed Mar 1 08:34:35 CST 2006
I have several pen drive/memory cards with a lock switch (write protect)
on them. Sandisk Mini Cruzer and several MMC/SD Flash Memory cards.
A CDRW is not vulnerable if there is no access to the tools to write on
said CD and if the session is finalized. I use CDRW disks for writing
ISOs of various LiveCD distros that I keep up with. When you write an
ISO image to the disk, the session is normally closed. That means you
can't write anything else to the disk until you erase it and rewrite it.
I believe Puppy Linux and one or two others have a method of leaving the
session open, to enable live config changes.
IPCop runs from HDD, with appropriate permissions, default DENY rules,
and only enough Linux to do the firewall and router thing, built from
LFS, previously it was a stripped older RedHat. Devil Linux runs from a
LiveCD, with configs backed up to floppy I think. Freesco used to run
from floppy only, but I think it is now installed to HDD. PublicIP,
Linux wireless AP, runs from CD or HDD and config can be on local floppy
and some items retrieved from the PublicIP website account. M0n0wall is
a *BSD that runs from floppy or CF card. I just bashed out the details
that I knew off the top of my head.
You have to choose something that suits your comfort level. Any distro
installed to HDD and exposed to the Internet needs to have a strong
password. Block ssh to that box if you only want to change config while
local to the box. Don't allow root to ssh, so you must ssh as a user
and then su to root (two passwords req'd.).
>-----Original Message-----
>From: Behalf Of Leo Mauler
>Sent: Wednesday, March 01, 2006 6:17 AM
>
>I was going over some of my old links (in backup CDs) and
>found this interesting link to creating 1.680MB floppy disks
>for use in floppy-based routers and
>gateways:
>
>http://www.trevormarshall.com/byte_articles/byte19.htm
>
>This made me think about the whole concept of the PC-based
>router/bridge. Floppy disks have the write-protect tab on
>them, making them easily switched (provided you have direct
>access to the PC) from write-protect to run the router, to
>flipping the write-protect tab for editing the router, and
>then flipping it back to write-protect once you are finished
>with the edit.
>
>What can the modern PC-based router use to duplicate this nice
>combination of security and ease of editing?
> You can duplicate the security (and possibly make it
>better) with a write-once CD-R, but to make changes you have
>to write an entirely new CD. ReWritable CDs aren't a good
>idea precisely because they have no "write-protect tab". The
>same might go for a memory key, since there is no
>"write-protect tab" for a memory key.
>
<snip>
>
More information about the Kclug
mailing list