[Soekris] What to do with my old 4501
Bob Camp
soekris at cq.nu
Wed Aug 29 11:33:05 UTC 2007
Hi
A couple fairly easy things to add on the login box, most of them are
just cron jobs:
1) Login timing - only login first 5 seconds of the minute
2) Rotating passwords by day / hour
3) Logging and email alerts - every login attempt generates an email
4) Login hours - If you are home at night, no logins then.
5) Rate limiting - stop responding for 10 minutes after 3-5 failed
attempts
All of this stuff has downsides. If it is *vital* you log in you may
not want to do some of them. Whatever you do, I would go with SSH
and set it up to use *large* keys only.
Bob
On Aug 29, 2007, at 7:10 AM, Bill Maas wrote:
> On Mon, 2007-08-27 at 10:28 -0700, Paul Bartell wrote:
>> I would like to hear about some of these tricks. It sounds like fun.
>
> Alternate ports, IP redirection, hosts.allow, complex multiple login
> paths, who knows what else (see firewall manuals in the first place).
>
> But the point is that a Soekris box is perfect for use as a central
> access point for a network: logins don't require huge amounts of
> processing power, and its power usage while running 24/7 is
> eco-friendly by any standard. Also note that the difficulty to break
> into a system will grow [more or less] exponentially with the number of
> different passwords required for access (which makes sudo vs. su an
> unsafe program to use, surely in ALL:ALL config). So using a surplus
> Soekris box as such a central RAS definitely makes sense.
>
>> I have also thought about controlling a robot with a Soekris, but
>> wouldn't you need more GPIO? Or would you use a simple AVR program to
>> drive the servos etc?
>
> What I have in mind is a program that reads a command language and
> sends/receives bytes over RS232 to the microcontroller, which runs a
> program that translates these bytes into actions (and sensor input to
> bytes sent back). Such a translator would only have to be written once,
> and programmed once per AVR (save for extensions and, of course, bug
> fixes).
>
> Gain: a comfortable programming environment without all the size
> constraints of traditional AVR (or PIC) programming. In other words the
> possibility to run enormous programs, something which can't be done with
> the standard tools. It will require developing a command language of
> course, so this is obviously not something done over a weekend.
>
> Timing will definitely be an issue due to latencies in program execution
> and the connection, but that's where a great part of the challenge lies.
> Motion doesn't require real-time operation at all (we aren't real-time
> systems ourselves), and timing issues could be resolved in the hardware,
> through anticipation and by setting message priorities. Maybe having to
> deal with those latencies will even enhance the robot's motion in the
> end.
>
> I'm by far not a robot expert, I just stumbled into robotics by chance
> about 1 1/2 year ago. From what I've seen so far it's not really a
> stupid idea. It's just like controlling a robot from a PC, but with the
> PC sitting on the robot itself.
>
> It does at least look like a nice challenge. Can't wait to see the first
> robot run, "Powdered By OpenBSD". So if anyone is interested in starting
> a SoekrisBot project, I'd be happy to contribute whatever I can.
>
>
> Bill
>
>> On 8/27/07, Bill Maas <bill at stsx.org> wrote:
>>> Hi,
>>>
>>> (1) (Almost) identical config for load-balancing and/or cases where
>>> the 4801 breaks down or needs to be pulled down for maintenance.
>>> CARP is tailored for such setups, but I couldn't get it working
>>> together with SSH (that was on OpenBSD 3.9, using the local
>>> ethernet interface for SSH logins - with a separate maintenance
>>> network it should give no problems).
>>>
>>> (2) In case you are offering external SSH access to any "live" device:
>>> set up the 4501 as an "SSH RAS" for your network. You'll have to log
>>> in twice or more to reach a particular machine, but at least it
>>> won't have to be directly exposed to the Big Bad World anymore.
>>> And you can play all kinds of tricks to make a cracker's life more
>>> difficult - fun!!
>>>
>>> (3) Use it for controlling a robot. Would require some real-time
>>> capabilities from the OS though. But if you've ever programmed an
>>> AVR directly, you'll know how incredibly comfortable high-level
>>> languages running with MB's rather than kB's of memory are. I'd very
>>> much like to give this a try, in case anyone's interested. Should
>>> provide Soekris Engineering with a great boost too. Robots are hot!
>>> (it seems).
>>>
>>> Bill
>>>
>>> On Sat, 2007-08-25 at 10:14 -0500, Ronald L. Rosson Jr. wrote:
>>>> I currently have a NET4501 sitting on the shelf doing nothing since
>>>> it was replaced by my NET4801 as a firewall running pfSense.
>>>>
>>>> I am looking for a low cost solution to have this system do something
>>>> that can benefit my network that the NET4801 is not doing at the
>>>> moment.
>>>>
>>>> Any idea?
>>>>
>>>> TIA
>>>>
>>>> -Ron
>>>> _______________________________________________
>>>> Soekris-tech mailing list
>>>> Soekris-tech at lists.soekris.com
>>>> http://lists.soekris.com/mailman/listinfo/soekris-tech
>>>>
>
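Items 1, 3, 4 and 5 from the list at the top of this message, combined into one policy check and replayed over constructed login attempts. This is an added example, not code from anyone in the thread; the blocked hours, the addresses, and the names `LoginGate` and `replay` are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW_SECONDS = 5                  # item 1: only seconds 0-4 of each minute
BLOCKED_HOURS = set(range(19, 24)) | set(range(0, 7))  # item 4; hours assumed
MAX_FAILS = 3                       # item 5: failures before going silent
LOCKOUT = timedelta(minutes=10)     # item 5: how long to stop responding

class LoginGate:  # hypothetical policy check, not part of sshd or any real tool
    def __init__(self):
        self.fails = defaultdict(deque)   # source -> recent failure times
        self.locked_until = {}            # source -> end of lockout

    def attempt(self, ts, src, auth_ok):
        if ts < self.locked_until.get(src, datetime.min):
            verdict = "deny: rate-limited"
        elif ts.hour in BLOCKED_HOURS:
            verdict = "deny: outside login hours"
        elif ts.second >= WINDOW_SECONDS:
            verdict = "deny: outside timing window"
        elif auth_ok:
            self.fails.pop(src, None)
            verdict = "accept"
        else:
            verdict = "deny: bad credentials"
            recent = self.fails[src]
            recent.append(ts)
            while ts - recent[0] > LOCKOUT:   # forget failures older than 10 min
                recent.popleft()
            if len(recent) >= MAX_FAILS:
                self.locked_until[src] = ts + LOCKOUT
                recent.clear()
        # item 3: every attempt, allowed or not, yields one alert line
        return f"{ts.isoformat()} {src} {verdict}"

# Constructed attempts: (time, source address, credentials were correct)
SAMPLE = [
    ("2007-08-29T11:33:17", "192.0.2.10", True),    # right key, wrong second
    ("2007-08-29T11:34:01", "192.0.2.10", False),
    ("2007-08-29T11:35:02", "192.0.2.10", False),
    ("2007-08-29T11:36:03", "192.0.2.10", False),   # third failure: lockout starts
    ("2007-08-29T11:40:00", "192.0.2.10", True),    # still inside the 10 minutes
    ("2007-08-29T11:47:04", "192.0.2.10", True),    # lockout over, in the window
    ("2007-08-29T21:00:01", "198.51.100.7", True),  # blocked hour
]

def replay(attempts):
    gate = LoginGate()
    return [gate.attempt(datetime.fromisoformat(t), s, ok) for t, s, ok in attempts]
```

The first and fifth sample attempts show the downside mentioned in the message: correct credentials are refused whenever the timing window or the lockout says no.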