Slashdot Mirror
The Sound of Your Firewall
upside writes "It had to be done. Once The Spinning Cube of Potential Doom gave us a 3D visualization of a firewall, someone was bound to ask themselves 'What does your firewall sound like?'."
← Back to Stories (view on slashdot.org)
I really like these concepts for alternate ways to visualize large amounts of data. Reminds me of Douglas Adam's Dirk Gently books. There was a character who wrote a program called Anthem that would interpret a company's stock data and vital statistics and play a tune based on that data.
Rather than using a Wav. file, maybe this could be written to play a variety MIDI tones to account for all kinds of activity on your network!
Urge to post... fading... fading... RISING!... fading... fading... gone.
where the heck do people find the time for this stuff.... I can think of a whack load more things to do... like read slashdot.
That's all well and good, but what I really, really am dying to know is what my firewall FEELS like...
moudulating the pitch on the dropped/blocked port numbers? I bet it could sound like a windchime with the proper modulus.
This wall sounds like burning!
I've been doing exactly this same thing for a while. I found that it got extrememly obnoxious, so I dumbed mine down to just play a wave file whenever I get pinged by someone pinging me from a command line ping. I don't know why the length is different than the crap pings that come in every 8 or 9 seconds, but with this swatch definition below, it seems to trigger only when I am pinged by hand.
/firewall-ping.*LEN=84/
/etc/pingwatch.lock 1>/dev/null` /etc/pingwatch.lock) && (/usr/bin/play /usr/local/site/etc/soun /etc/pingwatch.lock)
.wav
/etc/crontab or whatever:
/usr/local/site/bin/arp-watch
/etc/arptable 1>/dev/null : /usr/bin/play /usr/local/site/etc/sounds/new.arp.entry.wav && echo $each >> /etc/arptable
:D
So, put this in your swatch file that watches your firewall log:
watchfor
exec "/usr/local/site/bin/ping-wave.sh ping.wav"
That script just locks the darned thing so it doesnt pop and crack if i get pinged twice:
ping-wave.sh:
if `grep OPEN
then (echo -n >
ds/$1) && (echo OPEN >
fi
And here's a link to my ping wave for you to use:
ping
I also used the naturalvoices website to make a nerdy computer lady announcing new entries in my arp table. You can grab wave file too if you want. Here's the script I have for that:
put this in your
0-59 * * * * root
and then make the above command contain this:
#!/bin/bash
for each in `arp -n |grep -v "Address"|grep -v "eth0"|awk '{print $3}'`
do
if grep $each
then
else
fi
done
if anyone can improve upon my bash, please, i have no ego.
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
I'd rather have a silent firewall... I'm not the kind of people who likes having a big warning everytime some script kiddy scans my port 31337 or pings me... hell ZoneAlarm will warn you if there's a DHCP server on your network... and people who don't know better think that OMG IT'S A HAX!!!!!!11111111...
Maybe it could be nice on an IDS system though..
Grrr.. ch ch ch.. grrrr. ch ch ch... grrrr.. ch ch ch..
I need to replace the harddrive soon or im going to be without a firewall.
no
"Ding Dong"..."No one's home"
"Ding Dong"..."Not interested"
"Ding Dong"..."Go away"
"Ding Dong"..."Leave me alone"
"Ding Dong"..."porn you say? well come right on in"
"Look Lois, the two symbols of the Republican Party: an elephant, and a fat white guy who is threatened by change."
It sounds like the screams of thousands of users, as I hit that red button marked: Power.
I use windows, so my firewall sounds something like this
Holy Crap! Help me lord! Bleeep!
ever get the feeling that some people have entirely too much time on their hands?
Professional Politicians are not the solution, they ARE the problem.
Microsoft firewall: "Please don't hurt me! Hey, you look cool, can't possibly be malicious, come right in... OW, OH, THE PAIN!"
Norton firewall: "Bahahahaa! You can't get past me! I AM INVINCIBLE!!! *fires the firewall equivilent of fully automatic weapons into the air*"
There is no mod option "-1: Disagree" for a reason. "Overrated" is not an acceptable substitute. Post something instead.
Like a 486 on its last legs, fans barely moving, and the smell of cooking dust.... ahhhh.
E.
Never rub another man's rhubarb - The Joker
Sure, come on in.
Hi, step right up.
Wait, let me see your ID...okay...Sasser eh? Alright sounds good.
Alright, I'm going on break now. Time for wifi to shut down
how long until full fps style interaction with firewalls? this is the beginning of a Shadowrun-like matrix net where audio and visual become a big part of hacking
This is my sig. There are many like it, but this one is mine.
"AAAAAAAAAAAAAAAAAIIIIIEEEE! Too many hits!!!! F*#%ING Slashdot!"
For your security, this post has been encrypted with ROT-13, twice.
I send firewall logs to DShield.org, and you should to. The firewall is set to only log 100 denied packets at a time, so lazy bastard that I am I set a cronjob to reset the counters every hour. That was a few months ago.
Last week I happened to be looking at the logfiles, and I noticed something: an hour was no longer enough. The counter hits 100 within 10 or 15 minutes. I can watch the hits come in, and it's all Windows crap: Port 445. Port 137. Port 139. Port 1026. That's it. Nothing interesting -- you know, no stealthy scans by l33t cr5X0rZ, no probing for open relays, nothing.
Two thoughts before I go:
First, this makes for excellent demonstration material. A coworker mentioned that he was considering moving from Windows to Linux because he was tired of all the viruses and worms. I showed him what tail -f on my firewall logs looked like, pointed out that it was all Windows junk, and he was convinced. Gave him a Knoppix CD and made another notch on my belt. :-)
Second, I'm lucky: my ISP has not yet started firewalling ports yet. A friend's ISP just started, and now his web and mail server, which I'm doing DNS for, are no longer available from outside -- they've started blocking those along with 445, 137, 139, and so on. Sadly, it looks like the ISP has no provision for lifting this if you can prove you're l33t enough, so it looks like he's screwed.
Honestly, though, I'm not surprised. Yeah, it sucks that the Internet is no longer open -- but it sucks that the Internet is no longer friendly, too, and the one is a consequence of the other. As much as I bitch about Windows and Microsoft, I don't think they're entirely to blame...you get that many people joining something, and you're going to have enough asshats to ruin it pretty quickly.
Carousel is a lie!
...but I imagine the Linux Gazette web server sounds like Rice Krispies about now.
The coolest voice ever.
Can't read the article due to 'slashing but it's already been done by peep - the network analyzer:
e edings/lisa2000/gilfix/gilfix_html/
http://www.usenix.org/publications/library/proc
"Bah!" - Dogbert
For me, the sound of something bouncing off the iris of a stargate from SG-1, is the most reassuring noise I could imagine hearing if I converted IP traffic to sound.
Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
'Ecky- ecky- ecky- ecky- pikang- zoop- boing- goodem- zoo- owli- zhiv'
=)
e.
Build Your Own PVR/HTPC news, reviews, &
PEEP the Network Auralizer This project, cooperatively developed by a faculty member and student in the Tufts University Comp. Sci. dept. answers this question. PEEP applies sounds to network events. Its really cool, i had checked it out, but didn't have much time to get very far with it. I imagine this software's authors will appreciate it if you give it a gander, and let them know.
sigSEGV - doy!
o/~ Badger badger badger badger badger badger badger badger badger badger badger badger MUSHROOM MUSHROOM! o/~
o/~ Ohhh, a worrrm, oh noooo it's a worrrrrm o/~
Honey, I shrunk the Cygwin
I know windows XP is supposed to have a firewall, but for the life of me I can't find it.
Just in case you mean it (and I missed the joke):
Start -> Setting -> Control Panel -> Network Connections, right-click on the network connection that you want to "firewall", select Properties, then on the third tab, Advanced, select the check box for Protect my computer and network by limiting or preventing access to this computer from the Internet.
from Use the Internet Connection Firewall
Carthago delenda est!
Unless you installed GNU tail, the OSX tail does not have the --follow option.
Don't forget to run it as root.
You don't need root access, you only need to be in the admin group, which I would guess you already are if you have root access.
Plus, I would guess that the default option for playing an aiff file is via Quicktime, which may get intrusive.
Lesson learned, don't mod something as informative unless you know what it says.
My firewall sounds like a really bad techno song. It starts with a nice driving rythem with hits on 137 that come out like:
O M
bump-bump-bump-bump-bump-bump-bump-bump-bump
Then maybe a few attempts at an SQL worm on 1433-1434 so i get the second layer of the track; that's sound like 'dittlit-bump' so the track now becomes
bump-bump-bump-dittlit-bump-dittlit-bump
Now we've got some rythem going, but we there's always that annoying yet musical sound that comes interrupts the song the first time you hear it, but then you get used to it. We'll call that a portscan. ports 135-137-445-3127-5000
dah-dah-dahdah-dah-dah-dahdahdah
But at just that moment I get a fresh IP from my DSL provider, and the last guy who had it was running eDonkey, AIM file transfers, and bittorrent (as happened to my a couple days ago) and all the crap clients for said programs don't realize the old client died, so they keep trying said addresses.....we'll call that a big-ass bass hit that starts the loop over again.
BOOOOOOOOOOOOOM-BOOOOOOOOOOOOOM-BOOOOOOOOOOOOOO
Holy crap, my firewall sounds exactly like the Strong Bad techno song, minus the 'the system is down' quote. (ahhh the benfits of coyote linux. or IPcop.)
http://www.homestarrunner.com/sbemail.html
There are some people that if they don't know, you can't tell 'em.
You need this kind of quality to accurately measure the warfare that your Firewall is waging against anything evil on the cyber-waves. That latest Windows virus? Nope got smacked down by your firewall and you heard it about a minute ago.
Forget games(!?), just listen to your firewall wage glorious battle for the freedom and security of your PC and/or home network(!) in the comfort of your own home! All it would need then is a quality commentary...
"Firewall detected malicious port scan and DOS (Denial of Service) attacks aimed towards IP 19.5.4.10 on port 70. Access denied, commence lockdown and vapourize all opposition!" Forget those war movies folks, you can experience it for yourself now!
Or how about "Reinforcements (firewall updates) have just arrived deploying them as according to operating procedures".
Man, that would be the life, at least now spending hours on your own PC won't be dull again! Only thing left would be to be figure out a way to salute to your firewall and give it medals of honour...Hmmmm, this will take some time to figure out, but at least we got this far ^_^
DOS attack -- Hail storm, Pong or Arkanoid with gold bricks
Firewall penetration -- Breakout or Arkanoid with lasers
Block All Traffic -- Mario with a star
I seem to remember a similar concept being used in fighter aircraft. The pilot would hear certain directional sounds to indicate inbound missiles. The advantage of using sound over a visual display was that the human mind is apparently very good a detecting the direction where a sound is coming from, and it avoids overloading the visual display further.
I've also heard of using sound in the monitoring systems for mechanical equipment. Operational events are assigned a certain sound, and a "normal" state of the equipment would have certain patterns and frequencies that an operator would recognize as normal. The operator doesn't have to know what each individual sound means. If something abnormal happens, the operator get a "sense" that something is wrong by the change in tempo / frequency, etc.
If done properly, I think that adding sound feedback to a network / firewall monitoring application could be useful.
What you need to ear is not the DROPed packets, but the ACCEPTed ones.
If you make a diferent sound for every port/address/whatever packet you receive it becomes easy to recognice when the traffic is anormal.
Years ago I worked as part of the helpdesk service at my college. One of our public labs had a large line-impact printer.
... I was at work this morning and something just like my original printer story happened. We've got large format DesignJet printers from HP (basically giant InkJet printers that can handle 3 to 5 foot wide, 300 foot long rolls of paper). When they print, they run a vacuum fan to hold the paper down and steady while the print head zips back and forth across the sheet. The vacuum fans produce a dull sort of roar while printing. BUT, there's this second sound while they're printing ... the sound of the print-head zipping back and forth, back and forth, across the sheet. Well, this morning, I was dealing with some stuff that really had me focusing on the task at hand. All of a sudden, some part of my brain alerted me to the fact that I'd been hearing the dull roar of the vacuum fan for a while, but not the sound of the print-head moving back and forth. This is really an am
[I'll include a side note for those who do not know what a line-impact printer is. Do you remember dot-matrix printers? No? Ok, no help for you. But for those of you who do remember them, you probably realized how having a single print-head that had to travel back and forth across the page contributed to their relatively slow printing speed. No doubt some of you came to the same conclusion the developer of the line-impact printer did: instead of having a tiny print head move back and forth across the page, simply create a huge print head (well, very wide but not very high) that could print an entire line at a time. That makes for a faster printer, and also a much more reliable printer (far fewer moving parts). Hence you can still find them in industrial applications where people need large volumes of low quality prints. This also happened to be ideal in an 1980's computer lab visited by uber geeks who needed to print out their code, and psychology students who needed to dump pounds and pounds of statistical data to a printer somehow. Anyway...]
The helpdesk office at this particular computer lab was attached to the lab with the line printer. So it was close enough you could hear it running. With normal, plain text like you'd see in a printout from a computer program, the printer (being an impact printer) made a recognizable sound. Mostly a wavering, roaring sound. However, when some idiot decided to dump a PostScript file to the printer - and with the printer just being designed for plain text (i.e. no freakin' PostScript like all the signs said) - the sound would change to a solid, angry roar as each entire page would be filled up by PostScript code. The difference in sound proved to be incredibly useful. Anyone sitting in the helpdesk office, even if they were concentrating on some other task and thus seemingly oblivious to the faint sound of the printer, would somehow hear the change in the sound. They'd know that someone had screwed up and that they needed to go and stop the job before the printer blew through an entire box of fan-fold paper.
As I say, we'd just tune into the change in the sound automatically. It wasn't even an especially conscious thing. You'd be working away on some task, completely engrossed in homework or something, and all of a sudden your brain would tune into the fact that the background sound had changed. With normal printing it was completely tuned out. You never noticed it until there was a problem. How fantastic is that? This is a great feature of the human brain - you can be giving your full attention to one task, but some other part of your brain is still somehow listening out for changes in your environment and will let you know if something's changed. I would find this so useful for a firewall. The sounds would have to be low volume and carefully chosen so as not to drive me insane in either instance (normal operation or "uh oh" mode), but I'd really love to give this a try.
It's such a coincidence
Whoever designed level 61 in Frozen Bubble is a sadistic bastard.