Text 7398, 90 rader
Skriven 2006-09-08 03:46:00 av WAYNE CHIRNSIDE (1:123/140)
     Kommentar till en text av PAUL ROGERS
Ärende: Re: Just checking
=========================
-=> PAUL ROGERS wrote to WAYNE CHIRNSIDE <=-

 PR> When I bought this 486DX33 system 15 years ago, I paid for components
 PR> that would give me "room for growth".  I got Micronics EISA
 PR> motherboard, because it was the first one that really worked, and gave
 PR> me 4x the ISA buss speed.  I had intentions of by-passing DOS and
 PR> installing BSD/386, which I was told would require 200MB or so, if I
 PR> wanted sources.  Got the best Sony 14" monitor.  The whole kit was
 PR> ~$6K, not cheap.

When I first got hurt and hit Voc Rehab for retraining I
bought a Packard Bell 486 Dx-2, 3,500.00 also not cheap.

 PR> It HAS been upgraded.  32MB, because there is a flaw in the full-AT,
 PR> TTL/PAL MoBo that has an addressing problem with more--I tried when 4MB
 PR> 30-pin SIMMS got cheap enough. 

I got a 72 pin 16 Meg SIMM at the bargain price of $245.00 which added
to the 4 Meg surface mount gave me 20M

PR>  Adaptec EISA SCSI & 3COM EISA NIC.  1GB
 PR> internal SCSI drive, still running DOS/Win3.1, but one SCSI drive tray
 PR> I can use for other things, /NT4 WS for a while.  Last year it got a
 PR> 2GB drive, partially for backup storage of the internal drive, but with
 PR> a 1GB partition running RHL6.1--FINALLY!  

No SCSI here.
Upgraded with Promise Tech EideMax I/O card for up to 8.4 Gig virtual memory
however.
Had a small Segage 340 and a WD 2.5 Gig on it. 

PR> Last year also the Dallas
 PR> Semiconductor battery/clock module finally gave up the ghost, but I
 PR> salvaged another newer one, so it's good to go another 10 years!

There's no getting them cheap.

 PR> Because RHL6.1 uses kernel-2.2.10-20, it only has ipchains and can't do
 PR> connection tracking and stateful inspection as iptables does with 2.4+
 PR> kernels.  But the past few days I've been reworking the chains because
 PR> it was MUCH too loose.  I like to restrict output to just the
 PR> well-known ports I will use, lest something try to phone home as
 PR> apparently happened to you.  I don't want any intrusion recruiting
 PR> reinforcements.

I just upgraded a bunch of security issues, just a few more tomorrow.
Going on 4 AM and dazed and confused.
Highly productive day however with lots done and no real errors.
Stupid one with no consequences had me f or a couple of hours.

 PR> Last night I gave it a try.  Active mode FTP requires my client accept
 PR> a new connection from the internet/server--not a chance!  Even passive
 PR> mode means I have to open the "ephemeral" ports above 1024, enabling
 PR> some little ET to phone home and start a connection for its own FTP
 PR> download.  I don't like it at all, but that's all ipchains can do!  I
 PR> did it for a few minutes to make sure it works, and it does.  The
 PR> authors of books I have that "try" to explain firewalls, have it wrong
 PR> for FTP.  When I proved it, I commented out the FTP acceptance rules.
 PR> Then I tried Navigator-4.7, and it worked too, except on sites with
 PR> modern Java scripts, like Yahoo!.  I suppose I might use a proxy, but
 PR> that also introduces another source of possible vulnerability.

Navigator 4.7 or 4.07 for Win 3.1?
4.08 is the last I had on the Seagate, you know the isolated slave with
malware.

 PR> Sure, some might consider this an effort without a payback.  This 486
 PR> is at best a "deep backup".  

Shoot I was happy with my 486 too, did most of the stuff I required.
I jumpered a 20 pin header where the 2400 dauterboard modem sat so I 
could recover COM 1, something most say you can't do on a Packard Bell.

PR>After all, I've got an identical pair of
 PR> Pentiums I use everyday, and three different more powerful systems than
 PR> them!  The thing is, if you're going to have a computer connected to
 PR> the internet, take responsibility for learning what your firewall does,
 PR> what it doesn't do, and what you can do to make yourself more secure.
 PR> This is all about my learning what my firewalls can do, what they don't
 PR> do, and what exposures I have.  I learned ipchains might still pass a
 PR> spoofed packet that claims to be from an existing connection.  Now
 PR> what? It isn't about access from the 486 at all!  My network security
 PR> is in my own hands.


I've a new planning approach that holds some promise.
Hope to get to sleep before dawn.
Shoot I did a lot today and nothing broke :-) 
--- MultiMail/Linux v0.47
 * Origin: Try Our Web Based QWK: DOCSPLACE.ORG (1:123/140)