Slashdot Mirror
The Sound of Your Firewall
upside writes "It had to be done. Once The Spinning Cube of Potential Doom gave us a 3D visualization of a firewall, someone was bound to ask themselves 'What does your firewall sound like?'."
← Back to Stories (view on slashdot.org)
I really like these concepts for alternate ways to visualize large amounts of data. Reminds me of Douglas Adam's Dirk Gently books. There was a character who wrote a program called Anthem that would interpret a company's stock data and vital statistics and play a tune based on that data.
Rather than using a Wav. file, maybe this could be written to play a variety MIDI tones to account for all kinds of activity on your network!
Urge to post... fading... fading... RISING!... fading... fading... gone.
That's all well and good, but what I really, really am dying to know is what my firewall FEELS like...
moudulating the pitch on the dropped/blocked port numbers? I bet it could sound like a windchime with the proper modulus.
This wall sounds like burning!
I've been doing exactly this same thing for a while. I found that it got extrememly obnoxious, so I dumbed mine down to just play a wave file whenever I get pinged by someone pinging me from a command line ping. I don't know why the length is different than the crap pings that come in every 8 or 9 seconds, but with this swatch definition below, it seems to trigger only when I am pinged by hand.
/firewall-ping.*LEN=84/
/etc/pingwatch.lock 1>/dev/null` /etc/pingwatch.lock) && (/usr/bin/play /usr/local/site/etc/soun /etc/pingwatch.lock)
.wav
/etc/crontab or whatever:
/usr/local/site/bin/arp-watch
/etc/arptable 1>/dev/null : /usr/bin/play /usr/local/site/etc/sounds/new.arp.entry.wav && echo $each >> /etc/arptable
:D
So, put this in your swatch file that watches your firewall log:
watchfor
exec "/usr/local/site/bin/ping-wave.sh ping.wav"
That script just locks the darned thing so it doesnt pop and crack if i get pinged twice:
ping-wave.sh:
if `grep OPEN
then (echo -n >
ds/$1) && (echo OPEN >
fi
And here's a link to my ping wave for you to use:
ping
I also used the naturalvoices website to make a nerdy computer lady announcing new entries in my arp table. You can grab wave file too if you want. Here's the script I have for that:
put this in your
0-59 * * * * root
and then make the above command contain this:
#!/bin/bash
for each in `arp -n |grep -v "Address"|grep -v "eth0"|awk '{print $3}'`
do
if grep $each
then
else
fi
done
if anyone can improve upon my bash, please, i have no ego.
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
I'd rather have a silent firewall... I'm not the kind of people who likes having a big warning everytime some script kiddy scans my port 31337 or pings me... hell ZoneAlarm will warn you if there's a DHCP server on your network... and people who don't know better think that OMG IT'S A HAX!!!!!!11111111...
Maybe it could be nice on an IDS system though..
Grrr.. ch ch ch.. grrrr. ch ch ch... grrrr.. ch ch ch..
I need to replace the harddrive soon or im going to be without a firewall.
no
"Ding Dong"..."No one's home"
"Ding Dong"..."Not interested"
"Ding Dong"..."Go away"
"Ding Dong"..."Leave me alone"
"Ding Dong"..."porn you say? well come right on in"
"Look Lois, the two symbols of the Republican Party: an elephant, and a fat white guy who is threatened by change."
It sounds like the screams of thousands of users, as I hit that red button marked: Power.
I use windows, so my firewall sounds something like this
Holy Crap! Help me lord! Bleeep!
ever get the feeling that some people have entirely too much time on their hands?
Professional Politicians are not the solution, they ARE the problem.
Like a 486 on its last legs, fans barely moving, and the smell of cooking dust.... ahhhh.
E.
Never rub another man's rhubarb - The Joker
Sure, come on in.
Hi, step right up.
Wait, let me see your ID...okay...Sasser eh? Alright sounds good.
Alright, I'm going on break now. Time for wifi to shut down
"AAAAAAAAAAAAAAAAAIIIIIEEEE! Too many hits!!!! F*#%ING Slashdot!"
For your security, this post has been encrypted with ROT-13, twice.
I send firewall logs to DShield.org, and you should to. The firewall is set to only log 100 denied packets at a time, so lazy bastard that I am I set a cronjob to reset the counters every hour. That was a few months ago.
Last week I happened to be looking at the logfiles, and I noticed something: an hour was no longer enough. The counter hits 100 within 10 or 15 minutes. I can watch the hits come in, and it's all Windows crap: Port 445. Port 137. Port 139. Port 1026. That's it. Nothing interesting -- you know, no stealthy scans by l33t cr5X0rZ, no probing for open relays, nothing.
Two thoughts before I go:
First, this makes for excellent demonstration material. A coworker mentioned that he was considering moving from Windows to Linux because he was tired of all the viruses and worms. I showed him what tail -f on my firewall logs looked like, pointed out that it was all Windows junk, and he was convinced. Gave him a Knoppix CD and made another notch on my belt. :-)
Second, I'm lucky: my ISP has not yet started firewalling ports yet. A friend's ISP just started, and now his web and mail server, which I'm doing DNS for, are no longer available from outside -- they've started blocking those along with 445, 137, 139, and so on. Sadly, it looks like the ISP has no provision for lifting this if you can prove you're l33t enough, so it looks like he's screwed.
Honestly, though, I'm not surprised. Yeah, it sucks that the Internet is no longer open -- but it sucks that the Internet is no longer friendly, too, and the one is a consequence of the other. As much as I bitch about Windows and Microsoft, I don't think they're entirely to blame...you get that many people joining something, and you're going to have enough asshats to ruin it pretty quickly.
Carousel is a lie!
...but I imagine the Linux Gazette web server sounds like Rice Krispies about now.
The coolest voice ever.
Can't read the article due to 'slashing but it's already been done by peep - the network analyzer:
e edings/lisa2000/gilfix/gilfix_html/
http://www.usenix.org/publications/library/proc
"Bah!" - Dogbert
'Ecky- ecky- ecky- ecky- pikang- zoop- boing- goodem- zoo- owli- zhiv'
=)
e.
Build Your Own PVR/HTPC news, reviews, &
o/~ Badger badger badger badger badger badger badger badger badger badger badger badger MUSHROOM MUSHROOM! o/~
o/~ Ohhh, a worrrm, oh noooo it's a worrrrrm o/~
Honey, I shrunk the Cygwin
Unless you installed GNU tail, the OSX tail does not have the --follow option.
Don't forget to run it as root.
You don't need root access, you only need to be in the admin group, which I would guess you already are if you have root access.
Plus, I would guess that the default option for playing an aiff file is via Quicktime, which may get intrusive.
Lesson learned, don't mod something as informative unless you know what it says.
My firewall sounds like a really bad techno song. It starts with a nice driving rythem with hits on 137 that come out like:
O M
bump-bump-bump-bump-bump-bump-bump-bump-bump
Then maybe a few attempts at an SQL worm on 1433-1434 so i get the second layer of the track; that's sound like 'dittlit-bump' so the track now becomes
bump-bump-bump-dittlit-bump-dittlit-bump
Now we've got some rythem going, but we there's always that annoying yet musical sound that comes interrupts the song the first time you hear it, but then you get used to it. We'll call that a portscan. ports 135-137-445-3127-5000
dah-dah-dahdah-dah-dah-dahdahdah
But at just that moment I get a fresh IP from my DSL provider, and the last guy who had it was running eDonkey, AIM file transfers, and bittorrent (as happened to my a couple days ago) and all the crap clients for said programs don't realize the old client died, so they keep trying said addresses.....we'll call that a big-ass bass hit that starts the loop over again.
BOOOOOOOOOOOOOM-BOOOOOOOOOOOOOM-BOOOOOOOOOOOOOO
Holy crap, my firewall sounds exactly like the Strong Bad techno song, minus the 'the system is down' quote. (ahhh the benfits of coyote linux. or IPcop.)
http://www.homestarrunner.com/sbemail.html
There are some people that if they don't know, you can't tell 'em.
You need this kind of quality to accurately measure the warfare that your Firewall is waging against anything evil on the cyber-waves. That latest Windows virus? Nope got smacked down by your firewall and you heard it about a minute ago.
Forget games(!?), just listen to your firewall wage glorious battle for the freedom and security of your PC and/or home network(!) in the comfort of your own home! All it would need then is a quality commentary...
"Firewall detected malicious port scan and DOS (Denial of Service) attacks aimed towards IP 19.5.4.10 on port 70. Access denied, commence lockdown and vapourize all opposition!" Forget those war movies folks, you can experience it for yourself now!
Or how about "Reinforcements (firewall updates) have just arrived deploying them as according to operating procedures".
Man, that would be the life, at least now spending hours on your own PC won't be dull again! Only thing left would be to be figure out a way to salute to your firewall and give it medals of honour...Hmmmm, this will take some time to figure out, but at least we got this far ^_^
What you need to ear is not the DROPed packets, but the ACCEPTed ones.
If you make a diferent sound for every port/address/whatever packet you receive it becomes easy to recognice when the traffic is anormal.