What is the modern "Floppy-Based" router based on?

John unixengineer at earthlink.net
Sun Mar 5 00:48:18 CST 2006 

http://linuxhelp.blogspot.com/2005/11/make-your-files-immutable-which-even.html

I looked into a couple of things and had an idea that the link above plays into with this.  What if you simply set the attributes for all of the files you wanted to read-only, set them to immutable, and any further attributes on the build system, but fail to put chattr on the router you are building.  This means the files can't be removed, changed, etc on the router and if you tell it to mount Read-only for / on boot, problem solved.  That would be the ulta-paranoid approach I would do.  That way even if they managed to get it mounted RW, what can they change since the attributes would prevent changes and chattr wouldn't exist on the router.  Another good way to ensure less issues is to minimize the system.  Build it with a kernel, busybox, and the needed startup/support files for the router task.  I would also suggest minimizing the abilities of apache if you decide to make it web configurable.  Or look for a alternative web server thats hardened and small.  

-John Frakes
unixengineer at earthlink.net

-----Original Message-----
>From: Leo Mauler <webgiant at yahoo.com>
>Sent: Mar 4, 2006 10:42 PM
>To: kclug at kclug.org
>Subject: Re: What is the modern "Floppy-Based" router based on?
>
>The main problem with the CF card solution is that the
>CF card has no "write-protect" feature.  The original
>reason this topic was brought up in the first place
>was that floppy-based routers have easily switched
>write-protect tabs, allowing one to easily edit the
>floppy if necessary, then switch it back to
>write-protect mode for normal operation.
>
>Now, someone else has pointed out that there are a few
>USB memory keys which have write-protect tabs, which
>would make them an ideal substitute for the
>floppy-based router.
>
>--- Michael <mogmios at mlug.missouri.edu> wrote:
>> Better yet get a small (cheap) CF card and CF 
>> to IDE converter and use that. Very reliable 
>> and can be put together with a GB of space 
>> for little more than a floppy drive. About 
>> $20 usually.
>> 
>> Kelsay, Brian - Kansas City, MO wrote:
>> > I ran a firewall off one with Freesco for 
>> > something like 2 years.  If a floppy isn't 
>> > going to work in this mode, you find out 
>> > real quick when you try to format it and 
>> > use rawwrite to put the .img file on it.  
>
>__________________________________________________
>Do You Yahoo!?
>Tired of spam?  Yahoo! Mail has the best spam protection around 
>http://mail.yahoo.com 
>_______________________________________________
>Kclug mailing list
>Kclug at kclug.org
>http://kclug.org/mailman/listinfo/kclug

More information about the Kclug mailing list