The Sound of Your Firewall
upside writes "It had to be done. Once The Spinning Cube of Potential Doom gave us a 3D visualization of a firewall, someone was bound to ask themselves 'What does your firewall sound like?'."
I really like these concepts for alternate ways to visualize large amounts of data. Reminds me of Douglas Adams's Dirk Gently books. There was a character who wrote a program called Anthem that would interpret a company's stock data and vital statistics and play a tune based on that data.
Rather than using a .wav file, maybe this could be written to play a variety of MIDI tones to account for all kinds of activity on your network!
Urge to post... fading... fading... RISING!... fading... fading... gone.
Modulating the pitch on the dropped/blocked port numbers? I bet it could sound like a windchime with the proper modulus.
I've been doing exactly this same thing for a while. I found that it got extremely obnoxious, so I dumbed mine down to just play a wave file whenever I get pinged by someone pinging me from a command line ping. I don't know why the length is different than the crap pings that come in every 8 or 9 seconds, but with this swatch definition below, it seems to trigger only when I am pinged by hand.
So, put this in your swatch file that watches your firewall log:
watchfor /firewall-ping.*LEN=84/
exec "/usr/local/site/bin/ping-wave.sh ping.wav"
That script just locks the darned thing so it doesn't pop and crack if I get pinged twice:
ping-wave.sh:
if `grep OPEN /etc/pingwatch.lock 1>/dev/null`
then (echo -n > /etc/pingwatch.lock) && (/usr/bin/play /usr/local/site/etc/sounds/$1) && (echo OPEN > /etc/pingwatch.lock)
fi
And here's a link to my ping wave for you to use:
ping.wav
I also used the naturalvoices website to make a nerdy computer lady announcing new entries in my arp table. You can grab wave file too if you want. Here's the script I have for that:
put this in your /etc/crontab or whatever:
0-59 * * * * root /usr/local/site/bin/arp-watch
and then make the above command contain this:
#!/bin/bash
for each in `arp -n |grep -v "Address"|grep -v "eth0"|awk '{print $3}'`
do
if grep $each /etc/arptable 1>/dev/null
then :
else /usr/bin/play /usr/local/site/etc/sounds/new.arp.entry.wav && echo $each >> /etc/arptable
fi
done
:D
if anyone can improve upon my bash, please, I have no ego.
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
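A rework of the ARP-watch idea from the comment above, added here as an example and not part of the original thread: it picks out only well-formed MAC addresses, compares them as exact whole-line strings, and reports each new address once. The function names and the sample `arp -n` output are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and sample data are constructed, not from the thread.

# Print every unique MAC address found in `arp -n` style text on stdin,
# lower-cased. Header lines and "(incomplete)" entries never match.
extract_macs() {
    grep -Eiow '([0-9a-f]{2}:){5}[0-9a-f]{2}' | tr 'A-F' 'a-f' | sort -u
}

# Read `arp -n` output on stdin, print the MACs missing from the table
# file ($1), and append them to it so they are reported only once.
record_new_macs() {
    table=$1
    [ -f "$table" ] || : > "$table"
    extract_macs | while IFS= read -r mac; do
        # -x whole line, -F literal string: a MAC only matches itself
        if ! grep -qxF -- "$mac" "$table"; then
            printf '%s\n' "$mac" >> "$table"
            printf '%s\n' "$mac"
        fi
    done
}

# Constructed sample of `arp -n` output (documentation addresses).
sample_arp_output() {
    cat <<'EOF'
Address                  HWtype  HWaddress           Flags Mask            Iface
192.0.2.1                ether   00:16:3E:00:00:01   C                     eth0
192.0.2.7                        (incomplete)                              eth0
192.0.2.9                ether   00:16:3e:00:00:02   C                     eth0
EOF
}

# Cron usage, with the paths from the comment above:
#   new=$(arp -n | record_new_macs /etc/arptable)
#   [ -n "$new" ] && /usr/bin/play /usr/local/site/etc/sounds/new.arp.entry.wav
```

Playing the sound once per run, rather than once per address, keeps a busy network from queueing up overlapping announcements.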
I'd rather have a silent firewall... I'm not the kind of person who likes having a big warning every time some script kiddy scans my port 31337 or pings me... hell ZoneAlarm will warn you if there's a DHCP server on your network... and people who don't know better think that OMG IT'S A HAX!!!!!!11111111...
Maybe it could be nice on an IDS system though..
I can just imagine a war movie (your network) with bullets (bad packets) ping'n off of armor (firewall).
Depending on how much of that blotter paper you've licked, it may sound like the colors that taste like music.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
how long until full fps style interaction with firewalls? this is the beginning of a Shadowrun-like matrix net where audio and visual become a big part of hacking
This is my sig. There are many like it, but this one is mine.
I send firewall logs to DShield.org, and you should too. The firewall is set to only log 100 denied packets at a time, so lazy bastard that I am I set a cronjob to reset the counters every hour. That was a few months ago.
Last week I happened to be looking at the logfiles, and I noticed something: an hour was no longer enough. The counter hits 100 within 10 or 15 minutes. I can watch the hits come in, and it's all Windows crap: Port 445. Port 137. Port 139. Port 1026. That's it. Nothing interesting -- you know, no stealthy scans by l33t cr5X0rZ, no probing for open relays, nothing.
Two thoughts before I go:
First, this makes for excellent demonstration material. A coworker mentioned that he was considering moving from Windows to Linux because he was tired of all the viruses and worms. I showed him what tail -f on my firewall logs looked like, pointed out that it was all Windows junk, and he was convinced. Gave him a Knoppix CD and made another notch on my belt. :-)
Second, I'm lucky: my ISP has not yet started firewalling ports yet. A friend's ISP just started, and now his web and mail server, which I'm doing DNS for, are no longer available from outside -- they've started blocking those along with 445, 137, 139, and so on. Sadly, it looks like the ISP has no provision for lifting this if you can prove you're l33t enough, so it looks like he's screwed.
Honestly, though, I'm not surprised. Yeah, it sucks that the Internet is no longer open -- but it sucks that the Internet is no longer friendly, too, and the one is a consequence of the other. As much as I bitch about Windows and Microsoft, I don't think they're entirely to blame...you get that many people joining something, and you're going to have enough asshats to ruin it pretty quickly.
Carousel is a lie!
For me, the sound of something bouncing off the iris of a stargate from SG-1, is the most reassuring noise I could imagine hearing if I converted IP traffic to sound.
Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
wow... you are a moron.
My firewall has port 80 outbound open ONLY. incoming is only opened when it is tied to a request from a machine inside and that port is only open for that fraction of a second and then is closed again.
i suggest you actually LEARN about firewalls before you go spouting off at your mouth again.
don't believe me? ok then I dare you to get into my firewall... at 63.161.169.137
fricking poser wannabe anklebiter. you couldn't hack your way out of a wet paper bag.
I seem to remember a similar concept being used in fighter aircraft. The pilot would hear certain directional sounds to indicate inbound missiles. The advantage of using sound over a visual display was that the human mind is apparently very good at detecting the direction where a sound is coming from, and it avoids overloading the visual display further.
I've also heard of using sound in the monitoring systems for mechanical equipment. Operational events are assigned a certain sound, and a "normal" state of the equipment would have certain patterns and frequencies that an operator would recognize as normal. The operator doesn't have to know what each individual sound means. If something abnormal happens, the operator gets a "sense" that something is wrong by the change in tempo / frequency, etc.
If done properly, I think that adding sound feedback to a network / firewall monitoring application could be useful.
What you need to hear is not the DROPed packets, but the ACCEPTed ones.
If you make a different sound for every port/address/whatever packet you receive it becomes easy to recognize when the traffic is abnormal.
Years ago I worked as part of the helpdesk service at my college. One of our public labs had a large line-impact printer.
... I was at work this morning and something just like my original printer story happened. We've got large format DesignJet printers from HP (basically giant InkJet printers that can handle 3 to 5 foot wide, 300 foot long rolls of paper). When they print, they run a vacuum fan to hold the paper down and steady while the print head zips back and forth across the sheet. The vacuum fans produce a dull sort of roar while printing. BUT, there's this second sound while they're printing ... the sound of the print-head zipping back and forth, back and forth, across the sheet. Well, this morning, I was dealing with some stuff that really had me focusing on the task at hand. All of a sudden, some part of my brain alerted me to the fact that I'd been hearing the dull roar of the vacuum fan for a while, but not the sound of the print-head moving back and forth. This is really an am
[I'll include a side note for those who do not know what a line-impact printer is. Do you remember dot-matrix printers? No? Ok, no help for you. But for those of you who do remember them, you probably realized how having a single print-head that had to travel back and forth across the page contributed to their relatively slow printing speed. No doubt some of you came to the same conclusion the developer of the line-impact printer did: instead of having a tiny print head move back and forth across the page, simply create a huge print head (well, very wide but not very high) that could print an entire line at a time. That makes for a faster printer, and also a much more reliable printer (far fewer moving parts). Hence you can still find them in industrial applications where people need large volumes of low quality prints. This also happened to be ideal in an 1980's computer lab visited by uber geeks who needed to print out their code, and psychology students who needed to dump pounds and pounds of statistical data to a printer somehow. Anyway...]
The helpdesk office at this particular computer lab was attached to the lab with the line printer. So it was close enough you could hear it running. With normal, plain text like you'd see in a printout from a computer program, the printer (being an impact printer) made a recognizable sound. Mostly a wavering, roaring sound. However, when some idiot decided to dump a PostScript file to the printer - and with the printer just being designed for plain text (i.e. no freakin' PostScript like all the signs said) - the sound would change to a solid, angry roar as each entire page would be filled up by PostScript code. The difference in sound proved to be incredibly useful. Anyone sitting in the helpdesk office, even if they were concentrating on some other task and thus seemingly oblivious to the faint sound of the printer, would somehow hear the change in the sound. They'd know that someone had screwed up and that they needed to go and stop the job before the printer blew through an entire box of fan-fold paper.
As I say, we'd just tune into the change in the sound automatically. It wasn't even an especially conscious thing. You'd be working away on some task, completely engrossed in homework or something, and all of a sudden your brain would tune into the fact that the background sound had changed. With normal printing it was completely tuned out. You never noticed it until there was a problem. How fantastic is that? This is a great feature of the human brain - you can be giving your full attention to one task, but some other part of your brain is still somehow listening out for changes in your environment and will let you know if something's changed. I would find this so useful for a firewall. The sounds would have to be low volume and carefully chosen so as not to drive me insane in either instance (normal operation or "uh oh" mode), but I'd really love to give this a try.
It's such a coincidence
Whoever designed level 61 in Frozen Bubble is a sadistic bastard.