03-20-2006, 06:51 AM   #21
lestlest

Member
Join Date: Mar 2006
Posts: 53
Re: repackaging pg for debian

Quote:
Originally Posted by jre
I see the security risk in those few seconds a day when PG is not running. If someone from outside or some bad program on your machine establishes a connection to a bad IP then PG will not be able to drop these packets when it's running again.
I just wonder what happens when in this time a connection is established to a fake-seeder (did I use the right word? I'm talking about P2P). This would damage the "security" PG aims at.
jre
The "state RELATED,ESTABLISHED" rule comes before the jump to QUEUE. So if peerguardian is running and a new connection is established, the rule does not match and the traffic ends up in QUEUE. If peerguardian is accepting the traffic, the next time the rule does match and peerguardnf is not consulted anymore.
If, on the other hand, peerguardnf is not running, new connections end up in QUEUE and are dropped.

 
03-20-2006, 07:26 AM   #22
jre

Senior Member
Join Date: Sep 2005
Posts: 588
Re: repackaging pg for debian

Ah, I understand, that offloads work from PG (check every good IP only once) while PG is running.
Quote:
Originally Posted by lestlest
If, on the other hand, peerguardnf is not running, new connections end up in QUEUE and are dropped.
Imagine this: PeerGuardian is not running, no rules are inserted --> every new connection is accepted
PeerGuardian gets started, rules are inserted, connection to bad IP was established before --> Bad IP won't get filtered
Maybe I need to rethink, it's not that big a security risk anyway.


Something else: I removed some files from your package manually and they weren't reinstalled by your new package when I did an update:
/etc/default/peerguardnf
/etc/cron.daily/peerguardnf
/etc/logrotate.d/peerguardnf
AFAIK you can mark files as conf-files in Debian packages. Then at every update the system checks if they were changed/deleted and asks what to do.
jre

 
03-20-2006, 09:39 AM   #23
lestlest

Member
Join Date: Mar 2006
Posts: 53
Re: repackaging pg for debian

Quote:
Originally Posted by jre
Ah, I understand, that offloads work from PG (check every good IP only once) while PG is running.

Imagine this: PeerGuardian is not running, no rules are inserted --> every new connection is accepted
PeerGuardian gets started, rules are inserted, connection to bad IP was established before --> Bad IP won't get filtered
Maybe I need to rethink, it's not that big a security risk anyway.
You are right. I will try to find a better solution.

Quote:
Originally Posted by jre
Something else: I removed some files from your package manually and they weren't reinstalled by your new package when I did an update:
/etc/default/peerguardnf
/etc/cron.daily/peerguardnf
/etc/logrotate.d/peerguardnf
AFAIK you can mark files as conf-files in Debian packages. Then at every update the system checks if they were changed/deleted and asks what to do.
jre
That's odd. If you open the package with mc, you can have a look at the DEBIAN folder. Inside you will find a file conffiles that contains all files in /etc/ that are installed by the package. So the package management knows about the configuration files. But I will recheck this on my own machine nonetheless.

 
03-20-2006, 10:19 AM   #24
Morpheus

MoBlock Developer
Join Date: Mar 2006
Country: Italy
Posts: 92
Re: repackaging pg for debian

Quote:
Originally Posted by jre
Ah, I understand, that offloads work from PG (check every good IP only once) while PG is running.

Imagine this: PeerGuardian is not running, no rules are inserted --> every new connection is accepted
PeerGuardian gets started, rules are inserted, connection to bad IP was established before --> Bad IP won't get filtered
Maybe I need to rethink, it's not that big a security risk anyway.
Unfortunately you don't have many choices: using --state NEW statements offloads _much_ work from pg, especially at high network rates, so it is very useful, but what you say about already established connections can happen.
But I think it's a lot more probable that a malicious host has an IP that is not in your block list than the situation you described!
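To make the rule-ordering trade-off in these posts concrete, here is an added simulation (not code from the PeerGuardian project or from anyone in this thread) of the chain lestlest described: the RELATED,ESTABLISHED accept rule before the QUEUE jump, with peerguardnf answering the queue. It reproduces jre's "established before start" case, lestlest's "daemon down, new connections dropped" case and the offload effect; the flush-conntrack-on-start mitigation is my assumption, not something the thread proposes, and all addresses and the block list are constructed.

```python
# Added simulation (not PeerGuardian/peerguardnf code) of the iptables chain the
# thread describes: "--state RELATED,ESTABLISHED -j ACCEPT" comes before "-j QUEUE",
# and peerguardnf answers the QUEUE. Addresses and block list are constructed.
BLOCKLIST = {"203.0.113.5"}   # constructed "bad IP" (TEST-NET-3 range)

class Firewall:
    def __init__(self):
        self.rules_loaded = False   # PG's iptables rules inserted?
        self.pg_running = False     # is a daemon answering the QUEUE?
        self.conntrack = set()      # flows the kernel has already accepted
        self.queued = 0             # how often peerguardnf was consulted

    def start_pg(self, flush_conntrack=False):
        self.rules_loaded = self.pg_running = True
        if flush_conntrack:         # assumed mitigation, not from the thread:
            self.conntrack.clear()  # forget old flows (like `conntrack -F`)

    def queue_verdict(self, dst):
        if not self.pg_running:     # nobody reads the queue: packet dropped
            return "DROP"
        self.queued += 1
        return "DROP" if dst in BLOCKLIST else "ACCEPT"

    def packet(self, src, dst):
        flow = (src, dst)
        if not self.rules_loaded:   # no PG rules at all: everything passes
            self.conntrack.add(flow)
            return "ACCEPT"
        if flow in self.conntrack:  # rule 1: RELATED,ESTABLISHED -> ACCEPT
            return "ACCEPT"
        verdict = self.queue_verdict(dst)   # rule 2: -j QUEUE
        if verdict == "ACCEPT":
            self.conntrack.add(flow)        # later packets skip the queue
        return verdict

def offload():
    """Good IP is consulted once; later packets match ESTABLISHED."""
    fw = Firewall(); fw.start_pg()
    verdicts = [fw.packet("192.0.2.10", "198.51.100.7") for _ in range(3)]
    return verdicts, fw.queued

def daemon_down():
    """Rules in place but daemon stopped: new connections are dropped."""
    fw = Firewall(); fw.start_pg(); fw.pg_running = False
    return fw.packet("192.0.2.10", "198.51.100.7")

def established_before_start(flush_conntrack=False):
    """jre's case: the bad flow existed before the rules were inserted."""
    fw = Firewall()
    before = fw.packet("192.0.2.10", "203.0.113.5")
    fw.start_pg(flush_conntrack)
    return before, fw.packet("192.0.2.10", "203.0.113.5")
```

Without the flush, the pre-existing flow to the listed address keeps being accepted by the ESTABLISHED rule exactly as jre describes; with it, the next packet is re-evaluated in QUEUE and dropped.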