|
||||||||
----- Original Message ----- From: "Jim Gifford" <jim at giffords dot net> > > It's very simple to hack into mono. > > Is this the email you mean? > > http://m0n0.ch/wall/list/?action=show_msg&actionargs[]=24&actionargs[]=36 Yes - that's the e-mail. > > You said right in that email that you hadn't added it to m0n0wall. That particular box is not monowall but monobsd. I have looked at monowall and it is very simple to hack it in. > > Having to manually set up ipfw rules for each and every IP address seems > like a lot of work. :( I have to do this anyway for wireless clients because of something called the "hidden node problem" a discussion of which is far outside the scope of this group. Also, all the firewall rules for individual IPs were only done once and will only need changes (minor ones) if my IP block changes. For the size networks mono supports on small embedded computers, the IP blocks are usually pretty small and ease to configure. > > I think I'd rather do the ethernet tap, and do it outside m0n0wall, where > I can also run an IDS and other things as I choose. I would rather *not* > have to keep hacking the stock image every time there is a m0n0wall > upgrade. I'd rather not have to keep hacking mono either. Unfortunately, this particular system is in a location where space is at a premium and I have to do everything inside the Soekris. It's nice when you have the luxury of using several boxes for the various functions - unfortunately in the real world (mine at least) it's usually not feasible. This was not intended to be the one and only answer to IP level tracking - just a demonstration of a real world production system that is doing stats in a fairly simple way. > > jim > John Voigt, President Reston Wireless, LLC High speed internet service no smoke, no mirrors, no wires (tm) http://www.reston-wireless.net/ |