SSDT Hooking vulnerable, 100% of tested firewalls vulnerable.

[evilghost]

Article:
http://www.matousec.com/projects/win...re-drivers.php

[Q]

I use Comodo Personal Firewall, but still... that's a bit unnerving.

What do you recommend for securing a home network, Ghost? How is YOUR network set up at home, if you don't mind me asking.

[evilghost]

It'd be hard to describe my setup and have it make any sense, probably would take a couple of pages.

I'd get an OpenWRT device and add explicit ingress/egress iptables policies, redirect HTTP traffic to SQUID, and use inline SNORT with bleeding-snort sigs.

I wouldn't rely on Win32 firewalls.

[Q]

Quote:

Originally Posted by evilghost

I wouldn't rely on Win32 firewalls.

That's surprising. I would have thought you would have been using a machine with Vista Home Basic's built-in firewall and then just bridge the connection.

[Q]

Quote:

Originally Posted by evilghost

It'd be hard to describe my setup and have it make any sense, probably would take a couple of pages.

Oh please, enlighten us! If you have the time, who cares about a couple pages. Your post would actually be INFORMATION instead of FAPPING and gehsex.

[evilghost]

Quote:

Originally Posted by Q

Oh please, enlighten us! If you have the time, who cares about a couple pages. Your post would actually be INFORMATION instead of FAPPING and gehsex.

OpenWRT with iptables, explicit ingress/egress policy. SQUID proxy server on primary server. iprecorder (tcpdump w/redirection to pcap) bound to WAN interface on OpenWRT over SSH to pcap file(s) on server (excellent forensic investigation tool since I can review raw packet data). Perl code tailing pcap with redirection to FIFO. Snort + BASE on server reading FIFO.

OSSEC-HIDS watching server, syslog-ng receive syslog messages from OpenWRT.

That's just the "network layer" crap, when we start talking application layer we'll be a couple of pages.

[Tuork]

So many acronyms...

ugh... my head

[Absolution]

my rootkit to avoid punkbuster is vulnerable, oh noes!

[ViN86]

Quote:

Originally Posted by Q

Oh please, enlighten us! If you have the time, who cares about a couple pages. Your post would actually be INFORMATION instead of FAPPING and gehsex.

yea, cause ghost gets paid to help you...

ghost, im sure this affects Vista as well, correct? what would be the simplest way to prevent an attack of this type?

[Q]

Quote:

Originally Posted by ViN86

yea, cause ghost gets paid to help you...

Uh....what the hell, man?

I wasn't saying "give me help, now!" I even started off with "if you don't mind...", then when he said that it would be a couple pages I said "if he had the time". I wasn't making demands and I was just hoping that he would share the general topology of his home network with us since he obviously knows what he's doing. I wasn't badgering the guy!

And that was like a month ago. Geeze!

[ViN86]

Quote:

Originally Posted by Q

Uh....what the hell, man?

I wasn't saying "give me help, now!" I even started off with "if you don't mind...", then when he said that it would be a couple pages I said "if he had the time". I wasn't making demands and I was just hoping that he would share the general topology of his home network with us since he obviously knows what he's doing. I wasn't badgering the guy!

And that was like a month ago. Geeze!

my bad, i didnt pick up the sarcasm in the post

sorry Q, i thought it was out of your character to be mean to ghost. sorry

[Q]

Quote:

Originally Posted by ViN86

my bad, i didnt pick up the sarcasm in the post

sorry Q, i thought it was out of your character to be mean to ghost. sorry

Me and Ghost have a man-baby. There is NO love lost there, I assure you.