Re: Good ADSL router/card with packet re-writing?
- From: Ian Rawlings <news05@xxxxxxxxxxxxx>
- Date: Sun, 31 Jul 2005 00:53:12 +0100
On 2005-07-30, Greg Hennessy <me@xxxxxxxxxxx> wrote:
> I run a speedtouch here and it has no problems dealing with traffic
> loads generated by the usual suspects.
Cheers, I'll add it to the list, but I'm going to pursue making a
linux box the external box. As you may have found, doing odd testing
stuff behind a firewall can cause the firewall to drop packets coming
back from the target host, a problem I had with Checkpoint products
for sure. If I can run a probe directly on the machine connected to
the ADSL line then hopefully I'll get less of that. At any rate, with
a linux box directly connected to the ADSL then I'll have much better
logging/tracking/snooping/debugging potential than a dedicated router
can offer.
If I can get bridging to work on the current router then that would be
ideal, I'll chase that idea initially.
> Hmmm, what make/model router ?
A D-Link 504T upgraded to the latest firmware, despite which the clock
still doesn't work and the logging is pathetic.
A Belkin F5D7630-4A wireless ADSL router that I bought in desperation
on a Sunday when the D-Link kept dropping incoming connections.
There's not much about this kit that isn't pathetic, this is the one
that crashes, the D-Link just silently drops connections at random if
you overload it. Router was updated to latest firmware, no change
unfortunately.
> However you will meet pps limitations inherent in trying to scan out
> over a 256k link.
Yep, thanks for pointing out the bleedin' obvious ;-)
> Are you monitoring the router with something like cacti or jffnms ?
> If so the pps graph will show exactly what I refer to.
I've used iftop on my machine to check it, looks fine to me. Also
using a known capable router indicated that all the scans were getting
through acceptably.
> Attempting to run an nmap scan through PF is an exercise in futility
> :-).
Depends on the scan, for a basic syn scan or UDP scan it's fine,
although the linux firewall used to run out of conntrack thingummies
so I rarely use a firewall. The routers have network translation
so where I can I turn off the firewall on the router, but of course
the network translation still requires connection tracking as the
routers don't give enough control to do straight packet header
re-writing.
I used to have lots of problems when scanning from work because the
people running the firewalls thought they knew better and kept
filtering my box to "keep me safe", strangely enough they thought that
I would be kept safe by netbios, SNMP and a few other protocols being
dropped outgoing, but allowed incoming... Didn't find out about that
for a month or so when I asked to look at the ruleset because I didn't
trust the results I was getting or the bland re-assurances I got about
my connection being unfiltered. My remote scanning box at work is on
a DSL line separate from the company firewall now ;-) All I need to do
now is get scanning working from home, which would be useful as we've
been bought by another company so I now will have a whole new set of
I.T. bods to battle with.
--
For every expert, there is an equal but opposite expert