Slashdot Mirror

← Back to Domains

Domain: linksys.com

Stories and comments across the archive that link to linksys.com.

Comments · 415

  1. First Widener!!! by CmderTaco · · Score: -1 · on Building Linux Virtual Private Networks
    .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't --
    - Marco     Share twitter facebook linkedin
  2. 10th post (Score:-1, Offtopic) by Anonymous Coward writes: on Wednesday February 27, 2002 @03:35AM (#3077644) I claim this early post for JinWicked! Share twitter facebook linkedin
  3. Is it as good as New Riders' MySQL book? (Score:0) by Anonymous Coward writes: on Wednesday February 27, 2002 @03:36AM (#3077649) New Riders' MySQL book is mighty fine; if this is half as good it'll be worth reading Share twitter facebook linkedin
  4. ep (Score:-1) by bitchslapboy ( 193543 ) writes: Alter Relationship on Wednesday February 27, 2002 @03:37AM (#3077652) Homepage This early post for Ida! --

    Slashdot - contra bonos mores Share twitter facebook linkedin
  5. first dead penis bird (Score:-1) by neal n bob ( 531011 ) writes: Alter Relationship on Wednesday February 27, 2002 @03:38AM (#3077655) Homepage Journal man this site really, really sucks. Hardly makes it worth mentioning that you can kiss my grits. Share twitter facebook linkedin
  6. What's complicated about FreeSWAN? (Score:4, Interesting) by Anonymous Coward writes: on Wednesday February 27, 2002 @03:39AM (#3077660) They have excellent documentation and they keep the documentation trees for older versions online. Installation is as complicated as running a skript and installing the recompiled kernel, if even that. I guess it never hurts to have more documentation, but saying that IPSec is "a difficult beast to ride" produces more awe than necessary. Share twitter facebook linkedin
    • Re:What's complicated about FreeSWAN? (Score:-1, Offtopic) by Anonymous Coward writes: on Wednesday February 27, 2002 @03:45AM (#3077703) Overrated, maybe. But redundant? Parent Share twitter facebook linkedin
    • Re:What's complicated about FreeSWAN? (Score:5, Insightful) by Starship Trooper ( 523907 ) writes: Alter Relationship on Wednesday February 27, 2002 @03:49AM (#3077724) Homepage Journal What's complicated about FreeSWAN?

      Well, a LOT. Not if you're deeply involved technically in the project, but if you back out and take the perspective of someone who's never used a VPN, plenty.

      A lot of people don't even think about the fact that there's a separate protocol field in IP, or that people run any IP protocol but UDP or TCP. Getting 50/51 through your existing firmware firewall can be a real trick. FreeSWAN requires you to be able have the GNU Multi-Precision library installed for the crypto calculations before you compile it. Unless your distro can with FreeSWAN, you have to recompile your kernel with modifications.

      And, like many tools, there's no single graphical GUI; unlike SAMBA's excellent SWAT, there's nothing to lead you to ipsec.conf or ipsec.secrets. There's a LOT of reading to be done.

      Ok, so, for you or me, it's easy. Maybe a day of reading tops. But compare that to the commercial world where an application must install and be configured from a GUI in a few hours, and FreeSWAN is... nearly a toy. It's unusable in a business environment. As soon as you say "compile", a CTO is going to turn down your volume.

      It's cool, but don't call it uncomplicated. That's part of it's coolness (-;

      --
      Loneliness is a power that we possess to give or take away forever Parent Share twitter facebook linkedin
      • Re:What's complicated about FreeSWAN? (Score:3, Insightful) by smcavoy ( 114157 ) writes: Alter Relationship on Wednesday February 27, 2002 @04:30AM (#3077979) I use Freeswan in a production environment. I have Embedded Linux routers using freeswan connecting to Linux boxes. They VPNs are relatively simple, 2 outgoing connections to central
        systems. I did find there was a large learning curve at the beginning, but now it takes 5 min to setup a new vpn tunnel. The systems have been extremely reliable. I've never had a problem (other than net congestion) with keeping the tunnels up. A lot of the tunnels have 80+ days of uptime. As for compiling, most modern distros include IPSec (trustix, mandrake, etc.) or there are options like Astaro. Having a CTO "turn down your volume" based on the fact that you have to compile software, doesn't say anything about the quality or reliability of the software, that's a personal decision by CTO not to use OSS. I do agree it's not point and click, and that would be nice, but to say it's unusable in a business environment is just untrue. It's not pretty but it works, and works well. Parent Share twitter facebook linkedin
      • Re:What's complicated about FreeSWAN? (Score:0) by Anonymous Coward writes: on Wednesday February 27, 2002 @04:54AM (#3078169) How right you are. As a system admin that has always used windows or dos. I am tring to change. I want to start using some Linux servers here, but one of the things that I want to use is free/swan. It does seem great, but as a 1 person IT department I have not found the time that I need to read and understand the documentation on swan. Do I want a GUI Heck yes. Do I still want access to the .conf file Heck yes. These problems are around a lot in the Linux community. The people that have always used linux do see it as hard and some dont want us new people to whine because it is not "dumb down", but on the other hand they want all of us to switch to it. I dont want to do away with the command line at all. I love it for a lot of what I do, but when I want to make changes or try out some new tools I dont want to have to spend 1-2 days reading ALL the docs just to know where to start. Just my 2 cents.
        Let the flames begin!!!! Parent Share twitter facebook linkedin
        • Re:What's complicated about FreeSWAN? (Score:3, Insightful) by disappear ( 21915 ) writes: Alter Relationship on Wednesday February 27, 2002 @05:03AM (#3078246) Homepage
          one of the things that I want to use is free/swan. It does seem great, but as a 1 person IT department I have not found the time that I need to read and understand the documentation on swan. Do I want a GUI Heck yes.

          With security software in general, and VPN software in particular, that's a very, very dangerous attitude: a GUI may fool you into thinking that you understand what's going on when in reality you haven't a clue. With most software, that's not an issue, but with security software, that can compromise the very goal you're trying to achieve.

          I dont want to do away with the command line at all. I love it for a lot of what I do, but when I want to make changes or try out some new tools I dont want to have to spend 1-2 days reading ALL the docs just to know where to start.

          How many days do you want to spend cleaning up after a security incident that occurred because the GUI let you get away without spending two days reading documentation? How much time will you save in the long run if every time you save two days reading documentation you spend three days cleaning up?

          (We lose money on every item --- but we make it up in volume!)

          Parent Share twitter facebook linkedin
          • Re:What's complicated about FreeSWAN? (Score:1) by BeNude ( 28969 ) writes: Alter Relationship on Wednesday February 27, 2002 @11:15AM (#3081147) Homepage I would disagree with you about the usefulness of a GUI to implement VPN's or firewalls.

            First of all, a GUI interface, if it is well-designed, can provide every bit as much control over the underlying security behavior of a firewall as any command-line interface. Furthermore, a GUI allows an administrator to spend less time trying to deal with syntax, etc., and more time on building a ruleset that is secure.

            Someone who has done the reading and understands how firewalls and VPN's work will appreciate a GUI because of this.

            For those who don't fully understand how firewalls and VPN's work, a GUI at least provides a reasonable learning environment and early attempts at a ruleset will probably more secure anyhow. :)

            Parent Share twitter facebook linkedin
        • IANACLB (Score:4, Interesting) by hey! ( 33014 ) writes: Alter Relationship on Wednesday February 27, 2002 @06:21AM (#3078804) Homepage Journal IANACLB (I Am Not a Command Line Bigot), but doing better than a CLI interface in an area like this is a tall order. It's not something you can just slap onto the product in a few days (as most VPN box configuration GUIs I've seen appear to be).

          The problem with the GUI interfaces I have seen is that they really don't give you any effective conceptual support. You have to figure out the topology and requirements of your network, then you do this bit of intellectual gymnastics that turns these global requirements and properties into settings for each individual box, THEN you sit down at your GUI. At that stage, the GUI can have very little benefit, since you are talking about a half dozen relatively simple commands you need to type in. In fact, typing them in means you can keep them in a little word processor file and send them to the box over and over again with little changes -- good for setting up multiple boxes or for playing around with a single box you are repeatedly pin-resetting.

          To really help a person like you who doesn't have time to bone up on every box you are working with, what you really need is something that is kind of a cross between a network management system and a CAD system. You would sketch out your network, and drop little dollops of distinctively colored "paint" on each network or host that needs to participate in some virtual network. The system would then output configurations to download to each of the participating firewalls or hosts.

          A GUI that just configures and individual box does practically nothing for you.
          --
          Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure. Parent Share twitter facebook linkedin
      • Where to get Freeswan packages for Red Hat (Score:2) by Nailer ( 69468 ) writes: Alter Relationship on Wednesday February 27, 2002 @10:47AM (#3080965) Unless your distro can with FreeSWAN, you have to recompile your kernel with modifications.

        Non-US distributions like SuSE and Debian can include Freeswan in their list of apps. US based ones like Red Hat can't. But some lovely fellows at Steambaloon (a Linux security consulting firm - no, I work for someone else) produce source and binary packages of the original and updated Red Hat kernels (with the AC patches, extensive testing, and old 2.4 VM) with Klips, the kernel level part of ipsec, compiled in.

        Parent Share twitter facebook linkedin
      • How stupid is the CTO? (Score:1) by SharpNose ( 132636 ) writes: Alter Relationship on Wednesday February 27, 2002 @11:21AM (#3081178) Journal Let's see: provided I know FreeSWAN, I can grab a machine and start setting it up immediately. If I want to get something commercial and very expensive, I have to fill out how many forms, get approval from how many people, wait for it to get ordered how long? Exactly where are you starting your clock when you say "configured from GUI in a few hours?"

        Parent Share twitter facebook linkedin
    • Re:What's complicated about FreeSWAN? (Score:3, Interesting) by LWolenczak ( 10527 ) writes: Alter Relationship <julia@evilcow.org> on Wednesday February 27, 2002 @04:25AM (#3077934) Homepage Journal The FreeS/WAN people don't document everything that you can do with frees/wan. Its very neat when you get down to the point where your playing with dozens of tunnels confiugred every which way.

      One of the things that they don't tell you how to do, i guess so they don't get asked questions, is how to put gre traffic inside of an ipsec tunnel and make it work right. Also, it seems to have slipped by that you CAN make two linux 2.4 secure gateways talk to each other over the ipsec tunnel.

      I have a couple samples of some of the neat things I have done at http://lwolenczak.net/ipsec.html Parent Share twitter facebook linkedin
    • Re:What's complicated about FreeSWAN? (Score:3, Interesting) by Etyenne ( 4915 ) writes: Alter Relationship on Wednesday February 27, 2002 @05:40AM (#3078498) Complicated thing with FreeSWAN :

      - Client behind NAT

      - Left/Right side nomenclature really confuse me; they could have used "peers" or client/server, I don't know

      - Recompiling kernel; easy if you have a single box, quite hard when you manage 30+. Plus it require you to commit the sin of rebooting the machine.

      At work, we have choosen CIPE for Linux-Linux VPN. It is totally userland, come stock on recent RedHat version and is available as RPM; all that make it is easy to install and upgrade on a lot of machines. Plus the config file is really dumb-proof. We are stuck using PPTP for Windows-Linux VPN because that's all the Windows monkeys know about. --
      :wq Parent Share twitter facebook linkedin
      • Re:What's complicated about FreeSWAN? (Score:1) by pivo ( 11957 ) writes: Alter Relationship on Wednesday February 27, 2002 @06:17AM (#3078772) From my understanding of FreeSWAN, it's not intended to connect many machines to a central point, for example a VPN for home manchines connected to a central office. It's intended to link offices together. So you should only have to install it on the specific machines that link those offices. If you're company's so big or disperse that you have thirty officies, then I guess you would have to recompile each kernel, though you'd be smarter to have identical machines and build the kernel once then distribute it to each machine.

        We use PPP over SSH for our home/office VPN for Linux and Solaris. It works very well and since it was originally a skunworks project, we didn't even have to get IT to open any new ports since SSH was already supported. Parent Share twitter facebook linkedin
    • Re:What's complicated about FreeSWAN? (Score:2) by LinuxGeek8 ( 184023 ) writes: Alter Relationship on Wednesday February 27, 2002 @06:57AM (#3079084) Homepage I am struggling for some time now to get it going, but I still do not understand how it works.
      On my end I have a linux firewall with iptables.
      And what I could not figure out is what to do with the packet filtering, do I need to accept traffic over 50/ip on the ipsec0 interface or the eth0 interface. Same question for the 500 udp/ip traffic.

      And the other part of the network is connected to a freebsd server with racoon running. That is a completely different ipsec implementation. At least for configuring it is different.

      I believe running a packet filter is quite hard if you want to do it right. You have to understand networking and just play with for a few weeks just to understand it.
      If anyone would tell me he has a secure packet filter running, but cannot explain how it works, I just cannot believe it. You just have to know what you are doing.
      Same with ipsec.
      Ipsec is not only networking, but also crypto.
      So there is more you need to know about it, and it adds extra complexity to firewalling. --
      Well, don't worry about that. We can get you back before you leave. (Dr. Who)
      Parent Share twitter facebook linkedin
      • Re:What's complicated about FreeSWAN? (Score:1) by pfunkmallone ( 89539 ) writes: Alter Relationship on Thursday February 28, 2002 @09:44AM (#3086925) On your eth0 interface of the firewall, you need to allow 500 udp, and 50 tcp (if you're using ESP which is default). This allows the IPSEC peers to setup the tunnel. http://www.freeswan.org/freeswan_trees/freeswan-1. 95/doc/firewall.html

        According to the FreeSwan folks, no firewalling NEEDS to be done on the ipsec0 interfaces, as all packets coming through this tunnel are already being disassembled and "cleaned-up" by freeswan itself. Parent Share twitter facebook linkedin
  7. Women of the world, Stop sucking dick! (Score:-1, Troll) by Anonymous Coward writes: on Wednesday February 27, 2002 @03:46AM (#3077705) Women of the world, it is time to stop sucking dick!

    Sucking dick is the ultimate act of subservience;
    a woman sucking dick not only gets no orgasm for
    her work, but gets a mouthfull of what can only
    be described as warm rancid milk for her efforts.

    This sexual slavery must be stopped!
    Women, reclaim your mouths, and

    STOP
    SUCKING
    DICK! Share twitter facebook linkedin
  8. Alan Thicke. DEAD. (Score:-1) by Alan_Thicke ( 553655 ) writes: Alter Relationship on Wednesday February 27, 2002 @03:47AM (#3077709) Journal I just heard the sad news on CBC radio. Comedy actor/writer Alan Thicke was found dead in his home this morning. Even if you never liked his work, you can appreciate what he did for 80's television. Truly a Canadian icon.
    He will be missed :(



    Show me That Smile (The Growing Pains Theme Song):

    Show me that smile again.
    Ooh show me that smile.
    Don't waste another minute on your crying.
    We're nowhere near the end.
    We're nowhere near.
    The best is ready to begin.

    As long as we got each other
    We got the world
    Sitting right in our hands.
    Baby rain or shine;
    All the time.
    We got each other
    Sharing the laughter and love.

    --
    Alan Thicke's Journal
    My Slashdot ads say " Share twitter facebook linkedin
  9. why? (Score:0) by tplayford ( 308405 ) writes: Alter Relationship <tom@sai[ ]taly.com ['l-i' in gap]> on Wednesday February 27, 2002 @03:51AM (#3077734) I'm sure this book is very usefull etc. But I've set up serveral internationl linux based VPN's now and it really isn't that difficult.

    I suppose this is the same for almost all computer books, easy if you know how...

    Share twitter facebook linkedin
    • Re:why? (Score:2, Insightful) by MonkeyBot ( 545313 ) writes: Alter Relationship on Wednesday February 27, 2002 @04:09AM (#3077844) Sometimes, there are special constraints on the networks you are working with. For instance, I need to use stuff that uses IP, but since PPP over SSH is strictly TCP, I can't use that option. Moreover, my boss is a paranoid guy that doesn't trust some 24-year-old punk (me) to run his firewalls, so both offices have managed firewalls through different ISPs, ruling out the possibility of a single ISP routing traffic over its network to the other office so that I don't have to do anything. This adds additional constraints because since I can't control the firewall without going through pains with both ISPs for several days, I can't even open a port for something like PPTP (which I really wouldn't want to do anyway). Granted, I can probably find out what I need to know from a Google search, but it would be nice to have all the common VPN solutions covered--even just introduced--in a book format. I'm buying it. Parent Share twitter facebook linkedin
      • Re:why? (Score:2) by Junta ( 36770 ) writes: Alter Relationship on Wednesday February 27, 2002 @08:10AM (#3079648) Of course, ppp over ssh implies a full IP tunnel using ppp with ssh underneath, IP in TCP encapsulation, essentially. You get full IP functionality this way, though the architecture is horribly flawed (TCP connections run with TCP somewhere underneath, very bad when packets get loss and two layers start doing recovery).

        Now ssh without ppp on top supports only TCP tunnels, I'll assume that is what you are talking about. A statement that says you need to use IP, but you only get TCP sounds really goofy, since TCP rides on top of IP, phrasing it with the protocols you need (i.e. udp, icmp, etc) would have made the post more sensible (that and omitting ppp...). If I heard someone make the statement you just made I wouldn't trust them with firewall configuration either...
        --
        XML is like violence. If it doesn't solve the problem, use more. Parent Share twitter facebook linkedin
      • Re:why? (Score:2) by Pii ( 1955 ) writes: Alter Relationship <jedi.lightsaber@org> on Wednesday February 27, 2002 @08:31AM (#3079810) Journal What do you mean, "PPP over SSH is strictly TCP?"

        Are you saying that ICMP, or UDP, traffic is unable to utilize this tunnel?

        That is certainly not correct. Just as PPP carries all of your IP traffic (any protocol) between your home and your ISP, a PPP over SSH tunnel will also carry whatever you need it to.

        --
        For those that would die defending it, Freedom
        has a sweet taste that the protected will never know.         Parent Share twitter facebook linkedin
    • Re:why? (Score:2) by Bender Unit 22 ( 216955 ) writes: Alter Relationship on Wednesday February 27, 2002 @07:13AM (#3079206) Journal It's not when it works you need the books. It's when it doesn't work you'd wish you had the book.
      I have configured a VPN with the help of a HOW-TO page and it worked. B
      ut when you want to do larger setup's in the "real" world. All kinds of questions comes and demands comes to mind and it's nice to be on top of things and be able to say from the first meeting, what is possible and what is not. Parent Share twitter facebook linkedin
  10. Garsh (Score:-1) by Guns n' Roses Troll ( 207208 ) writes: Alter Relationship on Wednesday February 27, 2002 @03:51AM (#3077735) Homepage I never knew that a high-steppin' yella could do that.
    Share twitter facebook linkedin
  11. VPN hardware (Score:1, Troll) by pokka ( 557695 ) writes: Alter Relationship on Wednesday February 27, 2002 @04:02AM (#3077793) Building VPNs is a pain in the ass, regardless of whether you're using windows NT/2k or linux. Microsoft's documentation is sketchy (and in some cases completely wrong), and there are very few sources for building a VPN in Linux.

    This book may make it easier to build a VPN, but it's kind of obsolete, now that the Linksys VPN router has been released, making it a matter of plugging in and turning on. Of course, if you have plenty of free time, but very little money, you might go for the book instead. Share twitter facebook linkedin
    • Re:VPN hardware (Score:-1, Offtopic) by Anonymous Coward writes: on Wednesday February 27, 2002 @04:17AM (#3077888) Heck of a troll. Good Job! Parent Share twitter facebook linkedin
    • Re:VPN hardware (Score:2, Interesting) by Cyno ( 85911 ) writes: Alter Relationship on Wednesday February 27, 2002 @04:38AM (#3078046) Journal ...or if you're worried about security. I never trust commercial companies to deliver secure code. Specially if they keep it closed source. Unless you want to flash the rom on this thing every few weeks I'd just read up on a linux ppp over ssh solution and write some scripts to keep that software updated. Parent Share twitter facebook linkedin
    • Re:VPN hardware (Score:1) by starpool ( 562363 ) writes: Alter Relationship on Wednesday February 27, 2002 @02:12PM (#3081956) We started out making slow progress with FreeS/WAN trying to connect to a Raptor Firewall, and thought we'd try to take the easy way out and use two Linksys VPN Routers. Bottom line: the LVRs will only allow one Class C subnet access to the tunnel. Since we have multiple subnets at 4 different locations, the LVR is disqualified, at least for now. (Maybe Linksys will add this capability to future firmware.) So we're back to FreeS/WAN and Raptor...now if I can just get that book at my local BN. Parent Share twitter facebook linkedin
  12. What's wrong with PPTP? (Score:4, Interesting) by Jacco de Leeuw ( 4646 ) writes: Alter Relationship on Wednesday February 27, 2002 @04:06AM (#3077826) Homepage PPTP is often used for 'road warrior' setups, i.e. people working from home or on the road. It's cheap because there are free (as in speech) PPTP servers for Linux and the Windows PPTP clients are free too (as in beer). In contrast, Windows IPSEC clients are often expensive.

    So, what's wrong with it then? Well, the security of PPTP apparently depends on the password. A German student has written software which can crack the password in a couple of hours on a Pentium II.

    c't (Heise) reported about this.

    --
    -------
    Warning: Slashdot may contain traces of nuts.
    Share twitter facebook linkedin
    • Re:What's wrong with PPTP? (Score:2, Informative) by Anonymous Coward writes: on Wednesday February 27, 2002 @04:19AM (#3077901) It's Point-to-Point Tunneling Protocol and thus more limited than IPSec which can be used in routed mode and can connect arbitrary networks. Parent Share twitter facebook linkedin
    • Re:What's wrong with PPTP? (Score:3, Interesting) by FallLine ( 12211 ) writes: Alter Relationship on Wednesday February 27, 2002 @04:25AM (#3077939) Well firstly, Microsoft's implimentation of PPTP is insecure, buggy on the client side (and the server side, where their server is used), and has a hard time supporting multiple clients in a NAT environment.

      Secondly, a lot of older hardware has little to no support for the GRE protocol that PPTP depends on. Thus many people simply can't use it.

      Thirdly, it's virtually impossible to get two people connecting to the same VPN behind the same NAT network on any hardware. The nature of GRE makes it very difficult since it has no concept of port to diffentiate between packets, only source and destination IP. Unfortunately, NAT is very common these days so this really does matter. Parent Share twitter facebook linkedin
      • Re:What's wrong with PPTP? (Score:0, Troll) by icedivr ( 168266 ) writes: Alter Relationship on Wednesday February 27, 2002 @09:44AM (#3080500) If it's so insecure, why aren't people getting cracked all the time?

        Secondly, since when does hardware support a networking protocol in the absense of software? Any machine that can run 95 or 98 can run PPTP. They have pretty modest hardware requirements by today's standards.

        Thirdly, I have created multiple outbound pptp tunnels behind an ICS connection. It can be done.

        Parent Share twitter facebook linkedin
    • Re:What's wrong with PPTP? (Score:3, Informative) by Junta ( 36770 ) writes: Alter Relationship on Wednesday February 27, 2002 @04:40AM (#3078066) Just FYI, but Win2k and newer (at least) include native IPSEC support that can interoperate with FreeS/WAN and such. Other systems, well, they are intended for home use that doesn't need that functionality.. --
      XML is like violence. If it doesn't solve the problem, use more. Parent Share twitter facebook linkedin
    • Re:What's wrong with PPTP? (Score:2, Informative) by jeremiahstanley ( 473105 ) writes: Alter Relationship <miah AT miah DOT org> on Wednesday February 27, 2002 @04:45AM (#3078100) Homepage With Win2k you can get this little patch and then you have a free as in beer IPSec implementation provided by Microsoft under Win2k. It even supports x509 certs. IPSec clients are not that expensive. Look at SSH Sentinal for another option. It even supports the newer AES ciphers (which I don't expect out of Microsoft for a long time)as added security.

      For all of this you have to patch the code to use the newer ciphers. You can get that here and if you need to use x509 certs you can get that stuff here. This is all pretty easy if you have you druthers about compiling new kernels and working with OpenSSL.

      Why this isn't in the kernel to begin with is anybody's guess. I would guess that it has something to do with all those pesky crypto export laws. Just like everything else in the ol US of A we have to sacrifice our freedoms so that we can be safe from the KGB and that one guy from Hackers. --
      Hire me... Parent Share twitter facebook linkedin
    • Its damn slow (Score:1) by moankey ( 142715 ) writes: Alter Relationship on Wednesday February 27, 2002 @05:08AM (#3078275) From testimonies of traveling whatevers the people always complain that PPTP is very sloooow. They preferred using RAS in place, albeit a very expensive phone bill.

      Most were of course higher level execs so their complaining actually mattered. Parent Share twitter facebook linkedin
    • Re:What's wrong with PPTP? (Score:0) by Anonymous Coward writes: on Wednesday February 27, 2002 @05:19AM (#3078347) So, what's wrong with it then? Well, the security of PPTP apparently depends on the password. A German student [uni-freiburg.de] has written software which can crack the password in a couple of hours on a Pentium II.

      Thank god I'm not in Germany!!!! Parent Share twitter facebook linkedin
    • Re:What's wrong with PPTP? (Score:0) by Anonymous Coward writes: on Wednesday February 27, 2002 @05:26AM (#3078396) You can buy PGPnet (IPsec client) in most office depots , office max, or Circuit City for $39. It has the same functionality as the NAI version. Parent Share twitter facebook linkedin
    • wireless PPTP == readable password file (Score:1) by nealmcb ( 125634 ) writes: Alter Relationship on Friday March 01, 2002 @04:59AM (#3091216) Homepage The Heise article is in German, but refers to the original paper which is in English
      Normally, the file /etc/shadow (or /etc/password on old systems) is regarded one of the most vulnerable points of an unix system [Uni99]. If an attacker can obtain the information in this file, the system is nearly hacked. Using Microsoft's PPTP protocol, information about your passwords is not only publicly available, you also provide additional hints about the passwords, which allow to speed-up the attack by a factor of up to 2^16 .

      With this said, it is clear why we believe Microsoft's PPTP implementation isn't suitable for securing wireless networks.

      --

      --Neal
      Go IETF!

      Parent Share twitter facebook linkedin
  13. Problem is getting Management to go along (Score:2, Interesting) by Cy Guy ( 56083 ) writes: Alter Relationship on Wednesday February 27, 2002 @04:27AM (#3077946) Homepage Journal I think the priority should be getting management to understand the importance of using standard protocols instead of proprietary ones.

    Having a book like this one is great if you want to familiarize yourself with the standards and how to implement them on Linux, but the much harder task is getting Management, particularly at larger companies, to see the benefit of implementing a standards based VPN where the users can use any standards based client over any TCP/IP network.

    Instead what I see is managers that want to buy a single product that comes with both the server and client applications, but then doesn't work or is hard to implement when the clients are trying to access the VPN from a cablemodem, DSL, or 802.11 connected machine, and don't (God forbid) want to use MSIE and Citrix on Windows to get onto the office network.

    --
    Work for Change & GET PAID! Share twitter facebook linkedin
  14. Can't beat SSH (Score:2, Insightful) by schlach ( 228441 ) writes: Alter Relationship on Wednesday February 27, 2002 @04:27AM (#3077953) Journal for simple encrypted forwarding

    LocalForward 8080 theproxy:8080
    LocalForward 25 thesmtp:25
    LocalForward 143 theimap:143

    Don't forget your '-g' =) Share twitter facebook linkedin
    • SSH != VPN. That's a good thing. (Score:1) by Brian Hatch ( 523490 ) writes: Alter Relationship <<bri> <at> <ifokr.org>> on Wednesday February 27, 2002 @06:32AM (#3078902) Homepage Journal We have a section about when a VPN is not what you need, and these are the exact kind of examples when a VPN is unnecessary overkill.

      As a side note, if you use '-g', make sure you have iptables/ipchains/hosts.{allow|deny} rulesets enabled to make sure that only authorized machines can use the gateway. Otherwise anyone in the world can use your encrypted tunnel.

      Parent Share twitter facebook linkedin
      • Re:SSH != VPN. That's a good thing. (Score:2) by brassrat77 ( 9533 ) writes: Alter Relationship on Wednesday February 27, 2002 @09:33AM (#3080403) As a side note, if you use '-g', make sure you have iptables/ipchains/hosts.{allow|deny} rulesets enabled to make sure that only authorized machines can use the gateway.

        This is an EXCELLENT POINT that CANNOT BE OVEREMPHASIZED.

        I recently had to set up tunnels to allow a set of NAT'd workstations (laptops runnin a mix of Linux and W2K) access a system on the inside of a remote firewall where SSH was the only available securable protocol. We needed to use the "-g" switch, and the need for filtering access was immediately apparent.

        We ended up using a set of scripts to build the tunnel, including the necessary iptables rules.

        As an aside, I'd check if hosts.allow|deny rules are sufficient - I think the ssh tunnel would make all connections appear to be coming from the host running the tunnel. (Can't check for myself right now)

        Parent Share twitter facebook linkedin
  15. The main problem with IPSEC... (Score:5, Insightful) by Junta ( 36770 ) writes: Alter Relationship on Wednesday February 27, 2002 @04:48AM (#3078126) IPSEC is wonderful, but many businesses don't think things through and use it for telecommuting. Why is this bad? Well, the way this works is that someone connects to the VPN system and gets a full tunnel that allows the authorized client to behave on the internal network as if it was actually there, bypassing the firewall. The problem here is pretty obvious. The client machine is not protected by a firewall,a nd so if the client is compromised, an attacker has a clear path straight past the firewall. So the effectiveness of the firewall is greatly reduced.

    Now if you don't have a firewall protectecting the network, this won't hurt, but if you do, then a solution like ssh is somewhat more secure, as you only set up the tunnels you absolutely need to very specific hosts. While there is still a risk, it is greatly reduced and strikes a good balance between usability and security.

    What IPSEC *is* good for is seamlessly connecting sites together without really expensive dedicated lines securely. While it makes no guarantee as to bandwidht or availability, it does provide almost the same level of security. If a company can't afford lines to sites but still wants to expand, IPSEC is ideal. I use it to connect my home private network to a friends home private network. The key here is that not only do you have to trust the clients whose keys you permit to connect, but you must also trust that the administrator of that client machine or network is sufficiently competent to keep his network secure, as the security of the two networks is tied a lot more closely together... --
    XML is like violence. If it doesn't solve the problem, use more. Share twitter facebook linkedin
    • Re:The main problem with IPSEC... (Score:1, Informative) by Anonymous Coward writes: on Wednesday February 27, 2002 @04:58AM (#3078205) Actually, this is bypassed by disabling split tunneling (allowing the client machine to access the internet "directly" and accessing the VPN tunnel).

      -m

      Parent Share twitter facebook linkedin
      • Re:The main problem with IPSEC... (Score:2) by j7953 ( 457666 ) writes: Alter Relationship on Wednesday February 27, 2002 @07:19AM (#3079240)
        Actually, this is bypassed by disabling split tunneling (allowing the client machine to access the internet "directly" and accessing the VPN tunnel).

        Well, but that doesn't prevent the telecommuter's computer to become compromised with some background logging software that'll collect information when connected to the company network, and send it to the attacker when connected to the internet.

        Of course, using an SSH tunnel also doesn't solve that problem.

        The only real option is to assign IPs from a different subnet to the telecummters' home computers, and having a firewall between that subnet and the rest of the company network that'll not allow access to certain ressources that are especially critical. And, of course, the telecommuters must be educated about the security issues.

        --
        Sig (appended to the end of comments I post, 54 chars) Parent Share twitter facebook linkedin
    • Re:The main problem with IPSEC... (Score:2, Informative) by icedivr ( 168266 ) writes: Alter Relationship on Wednesday February 27, 2002 @05:10AM (#3078285) Your beef can be easily solved by ensuring that the remote machine's default route is down the tunnel.

      As far as I'm concerned, a bigger threat is the road warrior laptop not having adequate virus protection. (VP of Sales does insist on Windows, doesn't he?) Desktops behind the firewall presumably have multiple layers of protection in front of them, the road warrior, maybe not. Parent Share twitter facebook linkedin
    • Re:The main problem with IPSEC... (Score:2) by Shoten ( 260439 ) writes: Alter Relationship on Wednesday February 27, 2002 @05:29AM (#3078417) So, you're saying the main problem with IPSEC is that it's not a magic bullet? Nothing is...get over it. I've heard people say the same about firewalls, saying how firewalls make people think that they're totally secure, so they no longer patch systems or pay attention. That may be true sometimes, but it's still not a valid argument that firewalls are flawed. Security isn't one box or one piece of software, and saying that one has a problem because it doesn't blanket everything is like criticizing deadbolts because thieves can still break a window to get into your home.
      --

      For your security, this post has been encrypted with ROT-13, twice. Parent Share twitter facebook linkedin
      • Re:The main problem with IPSEC... (Score:2) by Junta ( 36770 ) writes: Alter Relationship on Wednesday February 27, 2002 @06:53AM (#3079060) Right, but I was saying that IPSEC is not only not a magic bullet (that is to be expected) but companies outright misuse the technology without any serious thought. They invest tons in making sure they have tight firewalls and policies that prohibit people from hooking up modems to the outside world (internet without firewall), and yet repeat the mistake in a different form time and time again. It would be nice to establish trusted connections to telecommuters, but it just simply can never be secure enough (well, maybe if the telecommuter is the same person who designed the corporate security and takes home security equally seriously, but not worth finding out). --
        XML is like violence. If it doesn't solve the problem, use more. Parent Share twitter facebook linkedin
        • Re:The main problem with IPSEC... (Score:2) by Shoten ( 260439 ) writes: Alter Relationship on Thursday February 28, 2002 @03:15AM (#3084102) I see your point, but at that stage of the game, it's not the technology that is to blame. Any solid technology will be a problem if it is not part of a sound, well-thought out implementation. There are ways around the problem as well, however; for example, Checkpoint VPNs can push a security policy out to the client upon connection, enforcing a firewall policy at the end point and prohibiting network communications between that point and any node besides the VPN gateway. But that's a whole other ball of wax, and returns to the issue of making wise choices when rolling out technology.

          The bottom line is, VPNs make it possible to do things in business that aren't cost-effective any other way, and businesses are there to make money, not to be secure. It's a trade-off, and if the return outweighs the risk, it's worth the risk.

          --

          For your security, this post has been encrypted with ROT-13, twice. Parent Share twitter facebook linkedin
    • Re:The main problem with IPSEC... (Score:1) by Sloppy ( 14984 ) writes: Alter Relationship on Wednesday February 27, 2002 @05:59AM (#3078631) Homepage Journal

      So the effectiveness of the firewall is greatly reduced

      Don't you have the same exact problem with desktop machines on the LAN, inside the firewall? Seems to me that VPN-though-a-firewall doesn't introduce any vulnerabilities that you don't already have.

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it. Parent Share twitter facebook linkedin
      • Re:The main problem with IPSEC... (Score:0) by Anonymous Coward writes: on Wednesday February 27, 2002 @06:38AM (#3078946) But LAN machines have never been exposed to the internet. I am sure somebody can put some "fun" deamons up on a machine just waiting for a VPN connection. Parent Share twitter facebook linkedin
        • Re:The main problem with IPSEC... (Score:1) by Sloppy ( 14984 ) writes: Alter Relationship on Wednesday February 27, 2002 @07:18AM (#3079239) Homepage Journal

          But LAN machines have never been exposed to the internet.

          Ha hah hah ha! That's a good one.

          Seriously, it must be nice to work at a place where they haven't heard of "Active Content" and no one uses products like Microsoft Word or Microsoft Outlook. :-)

          --
          As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it. Parent Share twitter facebook linkedin
          • Re:The main problem with IPSEC... (Score:2) by Junta ( 36770 ) writes: Alter Relationship on Wednesday February 27, 2002 @07:48AM (#3079450) When dealing with internal systems, you can enforce all kinds of policies about virus software, etc. You can keep it relatively boxed. With telecommuting, the clients not only have relaxed restrictions, but also are vulnerable while connected to the internet to the sort of attacks firewalls are meant to keep out. Normally, this wouldn't be too bad, but with a full tunnel, that machine will probably contain sensitive information itself and, for the duration of the connection, gives full access to a corporate network if compromised. --
            XML is like violence. If it doesn't solve the problem, use more. Parent Share twitter facebook linkedin
          • Re:The main problem with IPSEC... (Score:0) by Anonymous Coward writes: on Wednesday February 27, 2002 @09:07AM (#3080140) If you want to get legalistic about it:

            Local Area Network by definition is not a Wide Area Network now is it? If you have a LAN you cannot be exposed to the internet or it is a WAN. If you run active content then you are running code on the LAN. Don't run unknown code on a LAN. If you downloading something from the internet you are using a WAN interface are you not?

            The point is you have a machine that has been directly exposed to the intenet and now it is on your network and that is NOT the same thing.If I have to go to the head at a bus station I will finish my drink because I won't really know what it is when I get back. Parent Share twitter facebook linkedin
    • Re:The main problem with IPSEC... (Score:1) by -audiowhore- ( 153163 ) writes: Alter Relationship on Wednesday February 27, 2002 @11:08AM (#3081115) Bollocks! There are quite a few commercial VPN clients out there that either have a 'stateful' firewall engine (Check Points Secure Client), and some others that support personal firewall software (the Cisco client has support for Black Ice and Zone Alarms). The Cisco client can be configured to not install or initialise *unless* the personal firewall is installed/running.

      --audiowhore Parent Share twitter facebook linkedin
      • Re:The main problem with IPSEC... (Score:2) by Junta ( 36770 ) writes: Alter Relationship on Wednesday February 27, 2002 @04:22PM (#3082392) But then, how do you ensure the client is using approved software if you are using a standard like IPSEC? I know, corporate policy, but if people are at home, they might try more exotic things... In any event, clients configured like this are a good way to make IPSEC *better* for telecommuting, but the safest bet is to not have full network transparency, but instead only have selected services that telecommuters need and allow only those in your preferred method of access.. --
        XML is like violence. If it doesn't solve the problem, use more. Parent Share twitter facebook linkedin
  16. CIPE - a better solution. (Score:3, Informative) by ion++ ( 134665 ) writes: Alter Relationship on Wednesday February 27, 2002 @05:18AM (#3078339) I'm using CIPE for linux at work. It can be found at http://sites.inka.de/sites/bigred/devel/cipe.html or for windows at http://cipe-win32.sourceforge.net/.
    It's a better solution because it doesnt run TCP over TCP, which can give a problem, when retransmission occurs. With the right ammount of bad luck, you can have double retransmission where both layers of TCP retransmit. CIPE runs completely over UDP to avoid this problem.

    JonB Share twitter facebook linkedin
    • Re:CIPE - a better solution. (Score:2, Insightful) by ion++ ( 134665 ) writes: Alter Relationship on Wednesday February 27, 2002 @05:22AM (#3078367) Oh yeah, i forgot to mention that it works behind a NAT, which IPSEC has trouble with.
      Further more it works with non-static ip address. Obviously one end needs to know the ip of the other end, but thats all which is needed.

      JonB Parent Share twitter facebook linkedin
      • Re:CIPE - a better solution. (Score:1) by The Darkness ( 33231 ) writes: Alter Relationship on Wednesday February 27, 2002 @06:29AM (#3078878) Homepage Oh yeah, i forgot to mention that it works behind a NAT, which IPSEC has trouble with.
        Junta already posted a valid response to this statement.

        Further more it works with non-static ip address. Obviously one end needs to know the ip of the other end, but thats all which is needed.
        FreeS/WAN works great with non-static IP addresses.

        For example:

        /etc/ipsec.conf

        conn netnet
        left=theirhost.dyn.dhs.org
        leftid=@theirhost.dyn.dhs.org
        leftsubnet=10.1.1.0/24
        right=%defaultroute
        rightid=@myhost.dyn.dhs.org
        rightsubnet=10.1.2.0/24
        leftrsasigkey=....
        rightrsasigkey=....
        authby=rsasig
        auto=start

        And in ipsec.secrets:

        @myhost.dyn.dhs.org : RSA {
        ...
        }

        I have been using a similar configuration since the release of FreeS/WAN v1.5.

        --
        There are two kinds of people: 1) those that need closure Parent Share twitter facebook linkedin
    • Re:CIPE - a better solution. (Score:2, Informative) by Junta ( 36770 ) writes: Alter Relationship on Wednesday February 27, 2002 @05:39AM (#3078494) Better solution than, say, ppp over ssh (a really dumb hack), but not better than IPSEC for most all applications.

      IPSEC also does not run TCP over TCP, it uses udp for isakmp, and data is transmitted through custom protocols (numbers 50 and/or 51), *not* through TCP.

      Another thing about IPSEC that works better than CIPE is that IPSEC more strongly authenticates the machine at the other end. This is why NAT breaks, because unlike CIPE, IPSEC works to ensure the packet has passed unmodified since leaving a known trusted host, and the very nature of NAT prevents this. Solution is simple, move the IPSEC gateway to either the NAT system or beyond. Though it is being pushed in many circles as a good solution for telecommuting, it really was never designed for that and that usage really spits in the face of firewalls.

      Finally, CIPE lacks compatibility. Sure you can configure windows and linux boxes and maybe other platforms, but just try to connect to, say a CISCO router....

      CIPE is a hack that creates more problems than it solves in the long run. PPP over ssh is worse, but a dumb idea, set up tunnels for specific tcp services that you need, more overhead, but security is better (not perfect, but better). For connecting networks together, a good architect can piece together an IPSEC solution that guarantees identity at other end of the pipe... CIPE offers the gaping whole that IPSEC can while not offering enough identification. So ssh or IPSEC remains the best solution, depending on the problem. --
      XML is like violence. If it doesn't solve the problem, use more. Parent Share twitter facebook linkedin
    • Duh, we cover cIPe in the book. (Score:2, Informative) by Brian Hatch ( 523490 ) writes: Alter Relationship <<bri> <at> <ifokr.org>> on Wednesday February 27, 2002 @06:40AM (#3078953) Homepage Journal Ummm, we cover cIPe in the book. Would be a pretty crappy job if we hadn't. Parent Share twitter facebook linkedin
  17. Answer? (Score:3, Funny) by sharkey ( 16670 ) writes: Alter Relationship on Wednesday February 27, 2002 @05:29AM (#3078412) Why does every book need to include the magic 'L' word in the title nowadays?

    Because they have a better chance of getting posted to the Slashdot homepage? --

    --
    "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next. Share twitter facebook linkedin
  18. Crossplatform aspect? (Score:2, Interesting) by egghat ( 73643 ) writes: Alter Relationship on Wednesday February 27, 2002 @05:51AM (#3078571) Homepage How is the crossplatform aspect covered? There are hundreds of possible solutions for VPNs out there, but if you want something that works on *nix, Windows and Mac (Classic and X) and is free and open, the range of products to choose from gets small ...

    For example, I couldn't find a free IPSEC client for Windows.

    Any new hints from this book?

    Thanks in advance.

    egghat. --
    -- "As a human being I claim the right to be widely inconsistent", John Peel Share twitter facebook linkedin
  19. Semi-OT: any ISPs that route a VPN connection? (Score:1) by Sloppy ( 14984 ) writes: Alter Relationship on Wednesday February 27, 2002 @06:06AM (#3078670) Homepage Journal

    Anyone know of any ISPs (preferably outside USA) that will route stuff coming from a VPN (or any other type of encrypted tunnel) to The Internet? (i.e. from The Internet's point of view, it would be like I was a local user of that ISP, even though I'm physically somewhere else.) Doesn't have to be free beer.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it. Share twitter facebook linkedin
    • Re:Semi-OT: any ISPs that route a VPN connection? (Score:2) by disappear ( 21915 ) writes: Alter Relationship on Wednesday February 27, 2002 @09:42AM (#3080488) Homepage
      Anyone know of any ISPs (preferably outside USA) that will route stuff coming from a VPN (or any other type of encrypted tunnel) to The Internet? (i.e. from The Internet's point of view, it would be like I was a local user of that ISP, even though I'm physically somewhere else.)

      Why would you want to do that? Not only will it slow down your network connection, but I suspect that it should be fairly easy to do traffic analysis to determine which traffic was yours in the first place, even at a busy ISP...

      Parent Share twitter facebook linkedin
  20. Has anybody used isakmpd on Linux (Score:2) by Chang ( 2714 ) writes: Alter Relationship on Wednesday February 27, 2002 @06:06AM (#3078673) Anybody out there have any success compiling and using OpenBSD's isakmpd on Linux?

    I really need to use aggressive mode but the patches for freeswan are ancient/unmaintained.

    A pointer would be greatly appreciated.
    Share twitter facebook linkedin
  21. ssh + ppp = vpn (Score:1) by hopeless case ( 49791 ) writes: Alter Relationship <{christopherlmarshall} {at} {gmail.com}> on Wednesday February 27, 2002 @06:11AM (#3078722) Here's this script I use to setup a quick and dirty VPN between my workstation at work and my home PC. It has to originate from work to get through the firewall but once setup, of course, packets can flow both ways. I call the script ssh-vpn.

    You have to setup ssh correctly with rsa keys before it will work. You also have to download pty-redir. See the VPN mini how-to for more details.

    #!/bin/bash

    REMOTE_HOST=$1
    REMOTE_IP=$2
    LOCAL_IP=$3

    if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ] ; then
    echo "usage ssh-vpn "
    exit 1
    fi

    # this file holds the slave pty that the local pppd needs
    tmpfile=/tmp/tmp$$

    # start remote pppd
    /usr/local/bin/pty-redir /usr/bin/ssh -1 -o 'Batchmode yes' -t -l root $REMOTE_HOST /usr/sbin/pppd local ${REMOTE_IP}:${LOCAL_IP} 2> $tmpfile

    # give the remote pppd process a little time to send its first connect request
    sleep 5

    #start local pppd
    /usr/sbin/pppd $(cat $tmpfile) passive

    # remove file that held the slave pty file name
    sleep 5
    rm $tmpfile

    Share twitter facebook linkedin
  22. Right in time. (Score:2) by Bender Unit 22 ( 216955 ) writes: Alter Relationship on Wednesday February 27, 2002 @07:06AM (#3079151) Journal I have just been playing with IPSec for the last couple of days and wanted to buy a book on the subject. While I managed to sucessfully make a VPN connection between 2 machine, I still need to read a great deal about what's under the hood.
    So I looked at amazon also thinking that I could not go wrong with a book from O'Reilly, but after looking at the few stars it got I had been looking at this book and the one from RSA. Well, that does it. I'm getting this one. :)
    Share twitter facebook linkedin
  23. 1 2 Related Links Top of the: day, week, month. next

    Patent on Wireless Transfer of Pupil Data

    27 comments previous

    Piro On Why .Coms Don't Work

    300 comments window._taboola = window._taboola || []; _taboola.push({ mode: 'text-links-a', container: 'taboola-below-article-text-links', placement: 'Below Article Text Links', target_type: 'mix' });
  24. Re:Why use a whole computer? by wavelet · · Score: 1 · on Run Your Firewall Halted for Extra Security

    I have a linksys BEFW11S4 the one with the wireless access point with the 4 port switch and it does stateful packet inspection.

    nobody said that you can't use two firewalls... and create a real DMZ... personally a firewall with three NICs can't create a real DMZ... if you compromise the "outside" interface, you've compromised the "inside" as well...

    firmware 1.39.2 and up supported stateful packet inspection (SPI)... you just have to enable it in the advanced tab... its got integration with the pc host based firewall zone alarm as well as virus protection pc-cillian...

    I tested out the SPI using nmap SYN/FIN/UDP scans inbound and outbound.

    checkout: EvanC's Linksys BEFW11S4 Site

    from the linksys FAQ for VPN:

    Q. What is Stateful Packet Inspection?

    A. Stateful Packet Inspection (SPI) is a technology used in firewalls which instead of simply hiding an IP address from the internet, will look at each individual packet for information such as its source and destination addresses and protocol that is being used, in order to take certain actions based upon a set of pre-established criteria. SPI can be used to prevent DoS attacks, since the contents within the packet are known.

  25. Linksys Cable/Dsl router by eclectro · · Score: 2, Informative · on Hardware Horrors that Firmware Upgrades Would've Fixed?

    The firmware upgrades are what saved this poduct/

    Read the readme.txt for a long history of bugs that have been fixed through firmware upgrades - originally I had problems with it, and it was a firmware upgrade that fixed it - the saving grace for this product.

    Having firmware upgrades for a product is a very prudent thing to do. Anybody that doesn't think so is arrogant.

  26. Re:Better range increase.. by morcheeba · · Score: 1 · on Supercharging Your Linksys Wireless Access Point

    I got the linksys card because the prism chipset was supposed to be the best for listening with airsnort. Yes, the range is disappointing- it barely makes it to my bathroom. Part of the problem is that I've got the worst case: a firewall+printserver AP which uses a pcmcia card as its radio. The similarly-marketed firewall+switch AP uses a dedicated radio with real antennas.

  27. Re:Better range increase.. by morcheeba · · Score: 1 · on Supercharging Your Linksys Wireless Access Point

    I got the linksys card because the prism chipset was supposed to be the best for listening with airsnort. Yes, the range is disappointing- it barely makes it to my bathroom. Part of the problem is that I've got the worst case: a firewall+printserver AP which uses a pcmcia card as its radio. The similarly-marketed firewall+switch AP uses a dedicated radio with real antennas.

  28. MIB hackery by danish · · Score: 5, Interesting · on Supercharging Your Linksys Wireless Access Point
    After installing the snmp utils (apt-get install snmp) and doing some minor surgery to the MIB so it would parse correctly, I think I've found the element to modify:

    enterprises.atmel.atmelmib.atmelSys.TestModeSettin gsGRP.TestModeRadioConfiguration.0 = Hex: CA CA CA CA CA CA C9 C9 C9 C9 C9 C9 C9 C9

    Although not in the same configuration as the article describes, this may be due to the fact that I've never upgraded the firmware on the access point I snmpwalk'd this from. Perhaps I should get busy on that....

    Any of you people out there with an upgraded firmware, you should try snmpset under Linux or your UNIX of choice and see what kind of results you get... extra points for verifying the change with the Windows stuff in the article.

    Numerically, snmptranslate says that the correct field is .1.3.6.1.4.1.410.1.1.8.8.0, assuming I'm using it right (I called it with the commandline snmptranslate -m +ATMEL-MIB -IR enterprises.atmel.atmelmib.atmelSys.TestModeSettin gsGRP.TestModeRadioConfiguration.0.)

  29. Re:It's the thought that counts by PotPieMan · · Score: 1 · on Merry Christmas

    What kind of card is it? If it's a Linksys, check out this page. Otherwise, Google turns up a few results.

    Good luck.

  30. Re:*scream* by DeputySpade · · Score: 1 · on Linksys Incorporates HomePlug Networking

    If 'inquireing' minds wanted to know that bloody badly, they'd go read the damned FAQ!

  31. Linksys hardware by Anonymous Coward · · Score: 0 · on Linksys Incorporates HomePlug Networking

    This may be somewhat out of topic, but I wonder why Linksys doesn't sell that nice little boxes they use for routers (take a look at this one, which sells for $65 in several stores) to be used with your OS of choice (which is NetBSD of course). With some minor modifications, these boxes could boot through a serial line and maybe nothing more in order to be hacked up. BTW, has anyone out there hacked one of these devices to accomodate a custom OS?

  32. Phoneline Networking... by dytin · · Score: 2, Informative · on Linksys Incorporates HomePlug Networking

    Seriously, if you want to network your house using the existing wires in your house, pnoneline networking is the way to go. It is fast - right now it has a limit of 10 mbps, but they are working on 100 mbps - the power line gets 14mbps, not too much faster (and anyway, unless you have a T1, 10mbps is plenty fast). Also, it is secure, there is no need to encrypt your data as it travels on your own private network. Also, there is no risk of power spikes damaging your hardware. And finally (and most importantly I might add), there are Linux drivers for phonline NICs (at least for the card I use, the Linksys HPN200, you can find the drivers here.)

    For more more information go to www.homepna.org

  33. Re:Question I can't find an answer to on their sit by HoldenCaulfield · · Score: 2, Informative · on Linksys Incorporates HomePlug Networking

    From a November 6th press release it appears that Linksys will have a USB adaptor for the PC-end with an ESP of $149.99, and the router in the story has an ESP of $179.99. Looks like they're going to release a bridge as well for $149.99.

  34. Re:Now, if only... by Anonymous Coward · · Score: 2, Insightful · on 3Com's 10/100 Switching... Wallplate

    For the $300'ish that 3com plate costs you could get a wireless bridge with built in 10/100 switch.

    The device is nice, but if 3com thinks this alone is going to solve 3com's problems then they will be disappointed, lets see... something which is basically equivalent to a $20 faceplate and $50 switch and costs upwards of $300? Didn't 3com realise the insanity ended when the markets collapsed 18 months ago, are there any dotcoms flush with cash around to buy this type of product these days?

  35. Won't work for a majority of the people on here... by thesolo · · Score: 2 · on Cable Co's Want More Control Over Your Network

    Cable modem services don't support Linux. If you call them for help on anything but a Windows Machine (they dont even officially support Macs around here), they won't help you. So how do they plan to get their software running on your machine? Besides, you know people will find a way around this.

    Around here, the cable companies are already annoyed by the fact that not everyone runs their cable modem through their proxy server or uses their software. And they already have a ridiculous source of income thanks to their $10/month modem rental fee (Btw, Linksys has a nice Cable Modem that is down to $100 now, which is cheaper than a year's rental fee.) and $8/month per additional IP charges. They don't need any more money because I want to have a third computer in my house.

    I don't know about the rest of you, but I won't stand for them trying to charge me for additional IPs for every connected device. Having things like my printer networked inside my house doesn't cost them a dime, and it shouldn't cost me one either.

  36. Re:Linksys good? Not necessarily.... by dsouth · · Score: 1 · on Apple's New, Improved Airport

    I owned the linksys BEFW11S4 for about a week , after which I traded it in for the SMC Barricade 7004AWBR . The SMC is a far nicer product.

    Issues with the linksys hub were (in no particular order):

    • http interface did not work correctly under Netscape or other non-IE browsers.
    • 802.3 and SNAP headers?? Sorry, I don't own any HP equipment....
    • Big honkin security hole in the web interface that exposes the router and ISP passwords in cleartext should anyone wish to drive by with an access point....

    In addition to having none of the above problems, the SMC also provides a parallel port with an lpr print server (which works fine for my environment of IRIX, Linux, and MacOSX boxen). Upgrades to the SMC work fine via ftp and http from any of the above operating systems and have added additional features (restricting access to specific MAC addresses, supporting appletalk from wire to wireless, etc).

    In short, I found the SMC superior to linksys and the Apple AP, and I'm not alone. After sending a note about my experiences to the author of this review...well, just read the Final update at the end of the page. Several other sysadmins at my site have also purchased the SMC and have similar praise for the unit.

  37. Re:Linksys good? Not necessarily.... by geekoid · · Score: 2, Informative · on Apple's New, Improved Airport

    here

    that link is very long, not sure if it will be good.
    I went into there knowledge base and found mac support.

  38. Airport is great technology, but... by nbvb · · Score: 5, Interesting · on Apple's New, Improved Airport

    The thing that makes Airport so WONDERFUL is the integration on both their desktops and laptops.

    The built-in antennae make for some excellent reception on the laptops!

    On the other hand, the base station, while it looks cool, isn't that impressive. I bought a Linksys wireless station / firewall / router / 4-port 10/100 switch for $159. It was well worth the cash, and the range seems better than on the airport stations.

    On the other hand, the fact that it all integrates so perfectly (between Apple's airport, the Linksys, and my neighbor's PC laptop) speaks very highly of the whole thing. :-)

    --nbvb

    p.s. Also, just a heads up -- Apple's been shipping a 128-bit version of the Airport *CARD* for months. The /C revision of the card was secretly 128-bit. :-)

  39. Re:Another Linksys KVM switch by arget · · Score: 1 · on Tom's Hardware KVM Roundup

    I had the same experience. Then I upgraded to the 4-plex switch in the same line (PS2KVM4) for about 120 bucks. The keyboard switching is a little more complex (ctrl-shift-alt then a 1,2,3, or 4) but doesn't interfere with gaming.

    Totally agree with the review about cable layout tho. It's a mess. Thank goodness for twist ties.

    I have noticed I can lose the mouse if I use it while switching. It'll come back after another switch and it's hard to do, but it's a nit to pick.

    The only thing I'd add is a virtual clipboard, but I can live without it.

  40. Why Linux routers? by denzo · · Score: 0 · on Shuttle's Tiny PC Reviewed
    Why, oh why, do people still want to build cheap/small PCs into Linux routers?

    As far as cost, convenience, uptime, ease of configuration, power consumption, and upteen other advantages, why not just pick up a Linksys Etherfast 4-port Cable/DSL Router (or an 8-port version) for ~$80?

    Before these babies came out, Linux routers were the bomb and fun to play with. But these new routers seem like no-brainers to me. You can configure them through a Web interface (which is only accessible by the "internal" network for security), such as setting up forwarding ports, disable certain ports from accessing the Internet (i.e., just an internal gaming port). It's a teeny box that hardly uses any power, is up all time and doesn't need to be rebooted, it's fast, it's cute, and it's cheap. It's the ultimate Internet connection sharing device with sufficient firewall capabilities. I believe D-Link and Netgear also have similar routers.

  41. Why Linux routers? by denzo · · Score: 0 · on Shuttle's Tiny PC Reviewed
    Why, oh why, do people still want to build cheap/small PCs into Linux routers?

    As far as cost, convenience, uptime, ease of configuration, power consumption, and upteen other advantages, why not just pick up a Linksys Etherfast 4-port Cable/DSL Router (or an 8-port version) for ~$80?

    Before these babies came out, Linux routers were the bomb and fun to play with. But these new routers seem like no-brainers to me. You can configure them through a Web interface (which is only accessible by the "internal" network for security), such as setting up forwarding ports, disable certain ports from accessing the Internet (i.e., just an internal gaming port). It's a teeny box that hardly uses any power, is up all time and doesn't need to be rebooted, it's fast, it's cute, and it's cheap. It's the ultimate Internet connection sharing device with sufficient firewall capabilities. I believe D-Link and Netgear also have similar routers.

  42. Re:Firewall by DrSkwid · · Score: 2 · on Shutting Down Worm-Infected Broadband Users

    what, like this one

    but what use is a firewall against this?

    If you are running IIS as your webserver you let port 80 through the firewall and into IIS and thus expose yourself.

  43. RTFM! by slank · · Score: 1 · on Choosing a Router/Firewall for the Home LAN

    Quite a few DSL/Cable router box manufacturers have their manuals posted on their web site. It doesn't take long to get familiar with these devices' capabilities by reading the instructions. Just a few:

    Linksys
    D-Link
    Netgear
    Cisco (expensive but flexible)

  44. the router / firewall I use by CmdrPinkTaco · · Score: 3, Interesting · on Choosing a Router/Firewall for the Home LAN

    http://www.linksys.com/products/product.asp?prid=1 42&grid=5

    IIRC it will forward up to 10 (maybe it's 20) ports to any computer internally. It is fairly configurable. Allows for static or DHCP internally (as a server and a client). And for $99 it is tough to beat. Sure you can get a POS Linux / *BSD box, but this worked for me literally out of the box. DISCLAIMER: I don't claim to be a huge power user, but for what I use it for (firewalling and fowarding of web, mail and ftp ports) it is ideal and it is simple. Here at my office, I wouldn't think of using something like this on our network, but it does quite nicely for a home user who is concerned about security and just wants more blinking lights :)

  45. Re:I got the Linksys by trcooper · · Score: 2 · on Choosing a Router/Firewall for the Home LAN
    I have the linksys also, BEFSR11 - (One port). I picked this up for about $50. Since I already had a few hubs lying around, I didn't need a multi-port router anyway. A couple other things worth mentioning about it are:

    Firmware upgrades

    Multicast Support

    Both static and dynamic IP support (Great for my laptop which has static IP at work)

    The only problem I have with it is that you can only forward 10 ranges of ports. I haven't had a problem with this yet, but it could be concievably a problem.

    Alternately, you can set up a DMZ and make one machine live on the internet.

    Check out the manual for full info.

  46. LinkSys BEFW11S4: Router/4port Sw/Wireless AP by LedZeplin · · Score: 1 · on Choosing a Router/Firewall for the Home LAN

    I just got the Linksys BEFW11S4 which is the product where they mated the wireless access point, with their cable DSL router, and threw in a 4 port switch I think the router alone is a 3 port hub? or maybe a switch. It was easy to setup using it's web based interface. It allows you to make one of your clients a DMZ Host for video confrencing, gaming etc. I'm assuming it forwards all ports to the Host when that is enabled, the docs doesn't say what it does and I have not tried it yet. Also it gives you the ability to set up port forwarding for specific ports or ranges of ports to up to 10 machines. It supports PPPoE, PPTP pass-threw, ipsec pass-threw, has mac address cloning. and has a build-in DHCP server. I'm pretty sure that it only supports 1 IP address. It would be cool if you could assign multiple ones and forward based on IP and Port. And don't forget it's a wireless access point, yay! It's been on sale the past 2 weeks for $199 at Best Buy, and Comp USA. It's priced lower than the Wireless Access Point. Go figure, that's all I wanted, I bought a WAP and got a router free.

  47. The Linksys is nice by rho · · Score: 5, Troll · on Choosing a Router/Firewall for the Home LAN

    I have the BEFSR41, which is the router plus a 4-port 10/100 switch. It was about $100 from CompUSA.

    Dislikes: the web-based interface is a bit wonky with Netscape 4.7 on *nix. It works, but has some weird errors on occasion.

    Likes: it works as advertised. I fought with PPPoE on an OpenBSD box for several hours -- I could not figure out why it wasn't working, and none of the so-called "How-tos" helped.

    HOW-TO -- a definition
    A cruel on-going joke between free unix-alike "documentation" writers that is mostly filled with "it worked for me, maybe you're stupid" insinuations and "this important part of the configuration is terribly, terribly important, but it's beyond the scope of this shitty How-To. Perhaps you are stupid?" notes.

    So, I went and bought the Linksys, and within one hour (including the time it took to buy the thing), I was passing bits around the Internet.

    The web-based interface does work somewhat with Lynx, but is very cantankerous when used so. I have ssh'ed into my server and then used Lynx to reconfigure the router.

    You can forward ports to particular internal IPs, i.e. "all requests for port 80 goes to the computer at 192.168.1.100", and can even put one computer (one IP address) in a "DMZ", where it is completely open (all ports are available to answer).

    If you want to do complex filtering or firewalling, it doesn't do such. If your needs aren't really complicated, it will work for you.

  48. Avoid LinkSys at all costs by jkujawa · · Score: 1 · on Choosing a Router/Firewall for the Home LAN

    I've got a befsr81
    and it's one of the worst wastes of money, brains, and time I've ever encountered. It has moronic timeouts which are completely unconfigurable. A housemate has a similar router, which doesn't include a switch. Both are plagued with similar problems, the documentation is nearly non-existant, and LinkSys lies about firmware upgrades fixing it.

    It does, however, work well as an overpriced 8-port switch.

  49. Linksys Wireless Cable/DSL Router by hex1848 · · Score: 1 · on Choosing a Router/Firewall for the Home LAN

    I bought a BEFW11S4 - EtherFast Wireless AP + Cable/DSL Router w/ 4-Port Switch about a month ago on eBay - brand new. I have had nothing but problems thus far, and wouldn't recommend anyone buying one. I have to push the reset button on a regular a regular basis, as my connection drops frequently. Firmware upgrades dont work, after many emails and phone calls I have determined that Linksys tech support is virtually non existent, and I had to resort back to using connection sharing on my 2000 box to get a half stable connection.

  50. Linksys BESFR41. by cacheMan · · Score: 1 · on Choosing a Router/Firewall for the Home LAN

    I have had no complaints with my Linksys BESFR41, it runs a little web server so all the configuration is done through a browser. I can close/open any port or range of ports very easily. I can use DHCP or static IP addresses on my computers. You can read about all the things it does, but I just wanted to say that I have been very pleased with this product.

  51. where to find? --- what to do? by jahjeremy · · Score: 2, Interesting · on What Do You Do With Old Computer Parts?
    Everyone should check out ad papers such as Loot (if you live in the NYC area) if they are scavenging for gear. I have seen others in the Midwest that come out weekly, and you can get great deals from people who are upgrading or just want to get rid of older equipment. Although I myself haven't bought components from these sources, I have seen pages and pages of ads for cheaply priced older equipment. And remember, you can always bargain them down. Another recent source has been all those dot com's going under!

    A lot of my older gear breaks quickly, and sometimes I do it myself. The older hard drives tend to crash, and once that happens, what use is a diskless 386 with 8 mb ram? I tend to take them apart and make stacks of strange computer gear. Two Pentiums that I once had got themselves smashed by crashing everytime I tried to put on Red Hat Linux or Windows. The older and less "used" a system is, the more likely that it will be used in some sort of geeky "experimentation" like hooking it up to a stereo, phone, radio or other electrical gear or installing an obscure, barely tested Unix kernel or alternative OS. This makes it more likely that the poor, over-the-hill machine will meet its demise due to power surged fried circuits or nuked hard disk!

    I've got a 486 laptop with a 5" screen. Now what am I going to use that for? Windows 3.1, whew-hew!

    Keep some of the useful stuff like soundcards, NIC's, RAM, floppy and hard drives and trash the rest. Never know when that stuff might come in handy. With storage at an all-time low, I can't see too much value in keeping those 500 MB disk drives around; they're just going to crash and make you mad later, anyways. I'd say any motherboard below Pentium is not worth keeping unless you have a lot of patience, an older OS and/or a dedicated task for it to perform, such as routing or firewalling. Even then, the low cost of gear like a Linksys router kind of makes you want to buy something small, useful and well-engineered rather than use an old, clunky x86 with extra NIC's.

  52. Re:ease of use barrier by Anonymous Coward · · Score: 0 · on Will 802.11 Kill Bluetooth?

    The problem is, there have been many many average joes who have done just that. Apple.com , Linksys, and guess what! It Works(tm)!

  53. Re:No competition Higher prices by CthulhuDragon · · Score: 1 · on Rhythms Flatlines

    Unless NetGear or Linksys comes up with a router that has a USB connection, I'd have to pay the ransom to get the Ethernet version of their modem to use the service. So I have telocity at the moment. I know linksys did:
    Linksys Router

  54. 802.11b is wireless by CTboy · · Score: 1 · on Broadband Crackdown

    Which he metioned as an option, but as he said, it's slower and has security issues.

    As for your question, if you're looking to set up a small wireless network for your home, fed from DSL or cable, I hear Linksys has some pretty good products for home based systems at good prices.

  55. Latest firmware by jdunlevy · · Score: 2 · on Linksys AP/Routers Not Supporting Non-Microsoft OSs?

    Linksys released a firmware update on May 30th. Version 1.37.2b. They're really vague on what they changed ("Optimized Wireless sessions for stability" -- which could apply), but you can get it here if you don't have it already.

  56. Works with Macs by Webmoth · · Score: 2 · on Linksys AP/Routers Not Supporting Non-Microsoft OSs?

    First of all, here's a link to the Linksys BEFW11S4 product information page.

    I installed one of these the other day on a mostly-Mac network, and got it to work with Apple's Airport cards. Granted, I don't know whether the Airport is using SNAP or EthernetII, but I did find out that the Airport does not support standard WEP. Apparently, they use their own encryption using a password rather than a 128-bit key. Not sure how auth works on the Airport. Anyway, right now it's running unencrypted, so I'll have to put in a separate firewall and an Airport WAP. Bleah.

  57. Perfect Example: @home support. by crashnbur · · Score: 1 · on Tech Support: Sucking Even More
    Yesterday I called my local cable internet provider, which is Cox Communications' @home service, and after pressing numbers after fourteen push-button menus, I finall received a message that said to go to such-and-such website and pull down the such-and-such menu and send an email to so-and-so with your problem.

    Well, you [insert expletives here], if I wasn't have a problem with your [expletive] service, or had wanted to send you a [expletive] email, do you think I would have tried to call the tech support line?

    So, @home users, this is your warning. If you ever have a problem with the service, there is no one on the other end to talk to. Or, if there is, I'd certainly like to know why you're getting service and I'm not. (Perhaps it's just that the local service sucks.) Either way, all I wanted was a gateway address, a subnet address, and a few other small bits of similar information to install a router, and I couldn't even get in touch with a human voice.

    So, slashdot, I'll ask my question here. My father bought a Linksys router thinking that he could use it to network his three computers so that each could be online at any time without having to pay @home for extra cable lines for each machine for an additional montly fee. I'm not familiar with routers, but I have gotten so far as to get everything hooked up right. So anyone want to help? Feel free to send me an email me if you have any good suggestions or witty comments to make. :)

  58. Re:Um, it's called a PC by Darth+Yoshi · · Score: 1 · on The Borg Box and Convergence Fantasies
    Go buy a cheapass PC like a duron.

    It's not duron but... like this?

    ATI TV-Wonder PCI Tuner

    and this?

    Think lusty thoughts about a wireless USB hub

    and this and this?

  59. Re:Um, it's called a PC by Darth+Yoshi · · Score: 1 · on The Borg Box and Convergence Fantasies
    Go buy a cheapass PC like a duron.

    It's not duron but... like this?

    ATI TV-Wonder PCI Tuner

    and this?

    Think lusty thoughts about a wireless USB hub

    and this and this?

  60. My "Wiring a new house for a LAN" story. by Jadecristal · · Score: 1 · on The Myriad Ways of Wiring Your Home?
    My parents built a new house last year, and we were able to do all of the wiring of LAN stuff ourselves. It's actually pretty easy, but it helped having a dad who's an electrician, because that way he knew how NOT to do things. Everything went pretty much as planned, and the general method we followed during our manic weekend of wiring consisted of:

    • Installing boxes. Like the kind that normally hold things like outlets, except we used the double-wide kind. They were placed each place that we wanted things; at least one in almost every room (no, there isn't one in either of the bathrooms), with some rooms like the family room having two.
    • Running cable. We chose to use a combination of plenum CAT-V and RG-6 coax to each drop, even though we don't have satellite. Just planning for the future, I guess. We used two drops so that the phones in each room could use CAT-V too... That way, data and phone are in the same plate. Nice.
    • Assembling wall plates. This part was a PITA... you try getting down on your knees (or laying on the ground, in some places) with a 110 punchdown tool that qualifies as a sharp-pointy object and apply the amount of pressure that it takes to punch crap down into those stupid plastic CAT-V and phone recepticles. Not fun. But in the end, all but the one in my brothers room, behind his bed, are set up now, for the most part. The RG-6 cable isn't connected inside the plates, though, since we aren't using it at the time. Maybe someday. Since we have 3 phone lines, due to our situation in the house, some plates where I care (my room) have two lines set up so that when other people get pesky about the phone, I can just take another line.
    • Setting up the goods in the basement. This was another experience, as we opted for a nice hardcore 66-pair punchdown block for the phones. It's nice, but still kinda difficult. But all the phone drops that we wanted set up work now, although there is this one that I think is causing line noise... prolly a crappy punch-down job.
    • Networking... the point of all this stuff. We put a LinkSys 5-port hub down there, along with a 3Com Dual Analog router, since we live in the country. No cable or DSL here, though it is available in town. The three (was four, until the poor linux box went to the great bit bucket, or the computers version of it, in the sky) is linked into it's port in the room it's in, and all of drops go to a place in the basement. There are a couple of extra activated drops in the house, for when friends come over with their boxen.
    As for the logistics of it all, plan out your cable needs, then but extra. There is no such thing as too much cable. Even if you have just the right amount for your project, you will end up needing more later, for something.

    I lean away from the wireless stuff because it's still so expensive, and what-not. I don't like the inherent security risks with sending lots of packets into the air, either. But I guess if the neighbor wants to sniff your quake packets with their uber-expensive setup, let em. :)
  61. Setting up a 802.11 network by cje · · Score: 5 · on The Myriad Ways of Wiring Your Home?

    I've got some experience with setting up a wireless home network, and here are some of the things that I discovered. First of all, my general setup: I've got a ZyXEL Prestige 642 DSL router that I wanted to share between several machines, most notably a Dell laptop that I wanted to network wirelessly. The first thing that I did was buy a 5-port Linksys 10/100-BaseT autosensing Ethernet hub; I had been running the DSL router straight into my main desktop PC's NIC with a crossover cable. Now there's a hub, so the ground work is done.

    The first thing you'll need is (obviously) a wireless access point. For this, I would recommend the Linksys WAP 11 wireless NAP. This is an inexpensive (~$240) piece of equipment that has worked flawlessly for me thus far. There are more expensive and more capable access points, but IMHO you can't go wrong with this one, at least for a home setup. Note that this access point is a straight pass-through; it does not do DHCP or anything like that. For me, this isn't an issue because my DSL router acts as a DHCP server.

    Some more notes about the WAP11: it comes "out of the box" configured with an IP address of 192.168.1.250. Again, this was fine for me since my home network is 192.168.*.* based. Obviously, this can be changed, but the provided configuration software is Windows-only. You can configure the unit either by plugging in the provided USB cable and running the USB-based configuration program, or you can do it via a SNMP-based configuration client. Oh, and before I forget .. the access point needs to be plugged into either a 10BaseT or an autosensing 10/100BaseT hub! It will not work with a 100BaseT-only hub!

    Okay, so now you've got an access point plugged into your network hub. The next thing you need is a wireless card. If you're networking a laptop, grab a Lucent ORiNOCO 802.11 Silver PC card. Linksys makes its own wireless PC card, and if you're buying the Linksys access point, you may be tempted to buy the same brand for the PC card. Don't. Linksys's card works fine, but its range is limited; it is far less than what they advertise. The radio that the Lucent cards use is far, far better. Many people have reported tripling their ranges when switching from the Linksys to the Lucent card.

    I've had no problems with the Lucent card. Hell, they even include the source code for Linux drivers on the installation CD! The Linux driver you're looking for is "wavelan2_cs", and it supports 64-bit WEP (Wired Equivalent Privacy) (40-bit, actually) encryption. For the sake of full disclosure, however, it should be pointed out that WEP's security is under fire (expanded PDF version)

    In general, if you're looking for raw speed, you're not going to get it with 802.11b (or, at least, you aren't going to get wired speeds.) For me, I mainly use my network to surf the Internet, and my DSL downstream bandwidth maxes out at 1 Mbps or so .. anything above that is frosting on the cake. 802.11b offers a theoretical maximum bandwidth of 11Mbps, but in practice you'll probably get half that, even if you're in the immediate vicinity of the access point. If all you're looking to do is be able to sit out in your backyard and read Slashdot, that's probably more than sufficient. If you need 100Mbps+ speeds to your local machines, you need to drill some holes and run some cable. Personally, I think the wireless cards are just plain fun. I can read Slashdot from the neighbor's yard, for Christ's sake. :-)

  62. Wirelass LANs at home by xiana · · Score: 1 · on The Myriad Ways of Wiring Your Home?

    Just wanted to add my $0.02 to this thread.

    I recently went with a Linksys solution for my home network.

    http://www.linksys.com/products/product.asp?prid=1 73&grid=19

    Picked up a WAP11, and a WPC11 card for my laptop, and it works great. The range is pretty damned decent. It just totally rocks to be able to take my laptop to bed and surf the web, completely wireless, before I pass out for the evening =)

    -Xian

  63. Neat idea, but it's asymmetric routing by Olinator · · Score: 3 · on A New Approach to IP Address Exhaustion

    which will bollix up many kinds of firewalls.

    The fourth diagram on the "How Does Aves Work?" page shows this clearly.

    An example: my home firewall sees an HTTP request go out to pc.john.avesnet.net, for which (according to the explanation) a DNS lookup gets an IP address [1.2.3.4]. [1.2.3.4] is actually the IP of an "AVES waypoint" host. The waypoint processes my original HTTP request, and sends it along to the actual machine behind some NATbox (which has an IP of [5.6.7.8]) somewhere, which replies to my browser. But the reply doesn't originate from [1.2.3.4], which is where my firewall is looking for a reply to the original query -- instead, it arrives with a source IP of [5.6.7.8], which is the IP of the NATbox behind which pc.john.avesnet.net actually sits. To my firewall, this looks like an incoming connection attempt that is unrelated to any outgoing traffic, so it gets DROPped on the floor.

    So, far from requiring no upgrades on the part of the end-browser, this scheme will require anyone with a firewall or a NATbox (such as my P90 running ipchains, or a linksys BEFSR41, or some other cablemodem/DSL access sharing device) to understand the protocol and deploy mechanisms for handling it.

  64. Re:I'd like to see... by adavidw · · Score: 3 · on Free Wireless For Fun And / Or No Profit
    A nice package that I could install... A firewall/802.11b combination. I plug in the cable modem ethernet in one port, and in the other 2 ports, my local protected network, and then a place to put in the 802.11b base device. That way those around me can have internet access through my connection.

    Check out the LinkSys BEFW11S4, the D-Link DI-711 or DI-713, or the 3Com 3CRWE50194. They all have the physical specs to do what you're asking. It's just a matter of finding out if their built in firewall abilities are flexible enough for your specific needs.

    -Aaron

  65. Re:$2500?? by macx666 · · Score: 1 · on DirecPC USB Satellite Modems Available for Linux

    Sure, look here for the product--You can generally find it for about $129.

    Macx

  66. Blast from the past? by BrK · · Score: 5 · on New Netcomm Smart i Share 56k Modem/Hub/Server

    This is not "news". Netgear and Linksys, along with several other companies have had 56K hubs/routers/dial-up managers for some time now. Just because this thing runs linux doesn't increase the "gee-whiz" factor, IMO. Linux is overall for a device like this anyway.

  67. RCN and TW experience by CritterNYC · · Score: 2 · on RCN Cable Modem vs. Time/Warner's Road Runner?

    I have RCN, my neighbor has TW and has had it since it went into beta. Here are the two stories:

    My Experience With RCN

    RCN was pretty good initially. I got it soon after they were out of beta in my area. Then they grew too fast. Their entire network was overloaded for about a month. After a few hassles including 2 modem swaps (they use Hybrids which aren't that good) and numerous short outtages, I would say their service is now pretty good. I usually get decent speed (up to 3 megabits/sec at 3am), my ping times are usually good enough for online game play (under 250ms) which is a necessity for my occasional Subspace fix. I still get occasional problems. Their customer service isn't that great. I've been on hold an hour on more than one occasion.

    My Neighbor's Experience With Time Warner

    My neighbor got her cable modem last year while TW was beta testing. In the beginning, her speed was unbelievable, mainly cuz she was only one of a few people on the network. Now, it is similar to mine. She isn't really a techie, she mainly browses and sends mail, so she doesn't notice high ping times and such like I do. She said she's gotten good customer service when she called in with questions, too. Oh, and they do use better modems (don't remember which, offhand).

    Random Thoughts

    If anybody would like, I could do some traceroutes from both of our boxes to a few servers, test turnaround time and packetloss. Let me know if you're interested.

    Also, you may wanna pick up the Linksys BEFSR41 4-Port Cable/DSL Router. Great unit. Two of my friends swear by them, mine is on the way. And you can update the firmware using a TFTP client from a non-windows box. Most of the others require windows to update. Plus, the manual is totally written by geeks with FAQ questions like "How do I get my quake server to..." No cheesy business questions here.

  68. Re:Linksys by Col.+Panic · · Score: 1 · on P2P, Firewalls And Connection Splicing

    Here ya go.

  69. Firewall by Zerothis · · Score: 1 · on Excite@Home Claims Broadband 'Safe'

    The hub router I have, mainly for sharing my cable modem with every computer on my network, has a firewall built-in. Just enter a few numbers, and tada, the firewall is active. Of corse, I then have to enter more if for IRC and stuff, but I'm off the subject. If a hub router can have a firewall built-in, why can a broadband modem have a firewall built-in?

  70. Re:I use @home by Tassach · · Score: 2 · on Excite@Home Claims Broadband 'Safe'
    Define "break-in attempt". A simple port-scan is NOT a break-in attempt. Repeated attempts from the same address to connect to an open port probably is.

    When I first got @home, I was running 2 ip's with a hub. Each of my pc's was running firewall software (AtGuard on my wife's windoze box and ipchains on my linux box) I would usually log 10 or more port-scans PER DAY on both of my boxes.

    After running this setup for about 2 years, I got a Linksys cable modem router. Linksys bills this as a "firewall", but it's firewalling features are pretty rudimentary -- NAT and some simple port filtering. It's easy enough to defeat this if you know what you are doing, so I don't rely on it as my only layer of defense -- I still have everything behind the router locked down as tightly as I can get it.

    The Linksys router dosn't do any logging, so I don't know how often it's getting probed; but I have not logged ANY scans that made it past the router in the 6+ months that it's been operational [except for the ones that I did myself]. I find this pretty amazing. It seems that even the most basic security measures will deter the vast majority of would-be attackers.

  71. Re:I use @home by Score+0 · · Score: 2 · on Excite@Home Claims Broadband 'Safe'
    Further, it's rather lame that there's no provisions in most dialup, ISDN and xDSL accounts as to how many computers share the bandwidth. As opposed to MediaOne who requires you pay an extra fee in order for other computers in your house to perform such tasks as receiveing email..

    They charge extra for more PCs because of the additional IP addresses that would require, not bandwidth. Just set up a Linux/BSD router with NAT or pick up something like the Linksys cable/DSL router and connect PCs to your hearts content. I have a Linksys with three systems connected and I only pay MediaOne for a one system account.

  72. Linux Wireless HOWTO, & cheap(er) 802.11b by Booker · · Score: 2 · on Wireless LANs and Linux
    For good Linux info, you should check out Jean Tourrilhes' Wireless LAN HOWTO. It's got a good overview of the technology, the standards, the cards, and the Linux drivers.

    Lately, there have been a couple of 802.11b cards come out that are pretty cheap - check out the Linksys WPC11 , which can be found for around $120 a pop (if you can find it in stock...) and also Addtron's AWP100 card - no info on their site, but they told me it has the PrismII chipset, which is what the AbsoVal guys are working on, I believe. It, too, is around $120.

    ---