LinuxQuestions.org - Linux - Security

how to check security (https://www.linuxquestions.org/questions/linux-security-4/how-to-check-security-2800/)

tyler_durden 05-25-2001 11:42 PM

I am currently running a network off of a cable modem. Right now I use an old P200 system running Win2k for IP masquerading. I plan to convert this to a Linux IP masquerade shortly.
Inside I have a Linux box that I use for file sharing (Samba, with no passwords on anything) and all my roommates' computers. After I switch my NAT machine to Linux, how safe is my Linux box inside the network? Is it that hard to hack a well configured NAT machine? How would I ever know if either of the Linux boxes were hacked?
Thanks for the help

PS. I am new to the forum and find it EXTREMELY useful. You guys (and gals) rock.

unSpawn 05-26-2001 06:53 AM

Quote:

After I switch my NAT machine to Linux, how safe is my Linux box inside the network?

As safe as you've configured your box for general use.
In regard to NAT, as safe as your fw rules.
People from the outside can't connect to NATted boxes on their own. OTOH, you can initiate the connection from behind the NAT; it then is an allowed connection, and so would be anything sent over that connection. Another issue is with port forwarding. It allows people to connect through the NAT box transparently to a service running on a box behind the NAT.

Quote:

Is it that hard to hack a well configured NAT machine?

If it's well configured there wouldn't be any vulnerable services running on the NAT box itself.

Quote:

How would I ever know if either of the Linux boxes were hacked?

Read www.cert.org/tech_tips/intruder_detection_checklist.html. It's still valid.
Have (and use) some of the following: an integrity checker like Tripwire or Aide. A rootkit scanner like chkrootkit. Some alerting/defense cap like Portsentry, Snort or Ippl, Scandetd. It might seem overkill to use any of these on your box, but in the end it'll save you time from checking manually; they'll only alert (if configured well) if there's really something wrong.

abyss 05-26-2001 08:37 PM

tyler:

Some very general words of caution. I'm not sure how familiar you are with Linux, so forgive me if I'm reminding you of things you already know.

Most Linux distros have many services load by default at boot time, leaving you with lots of open ports and vulnerabilities. I suppose that they assume that you'll be using it as a server and want to make things easy on you or something. Close all ports that you do not need open by shutting down the services that are using them.

To see what ports you have open you issue the netstat -a (or -l) command (which also works in w2k, btw) to see what ports are listening. Every open port is a vulnerability. Close as many as possible.
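
The port check described in the post above, as an added example that is not part of the original thread: it parses `netstat -tln` output, drops listeners bound only to loopback, and reports exposed ports that are missing from an allowlist. The sample output and the allowlist `22 139` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -tln` output (not taken from a real host).
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:22         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN'

# exposed_listeners: read `netstat -tln` text on stdin and print "port address"
# for every TCP listener that other hosts can reach (not loopback-only),
# sorted by port number.
exposed_listeners() {
    awk '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            local_addr = $4
            # The port is whatever follows the last colon (covers IPv6 too).
            n = split(local_addr, parts, ":")
            port = parts[n]
            addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            print port, addr
        }
    ' | sort -n | uniq
}

# unexpected_ports: compare exposed ports against a space-separated allowlist
# (a hypothetical policy input) and print the ports left to investigate.
unexpected_ports() {
    allowed=" $1 "
    exposed_listeners | while read -r port addr; do
        case "$allowed" in
            *" $port "*) ;;            # expected service, ignore
            *) echo "$port" ;;         # listening but not on the allowlist
        esac
    done | sort -n -u | paste -sd' ' -
}

# Demo on the sample. On a live host: netstat -tln | unexpected_ports "22 139"
printf '%s\n' "$SAMPLE" | unexpected_ports "22 139"
```

Each port it prints maps to a service to identify and, if unneeded, stop and disable at boot.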

raz 05-30-2001 04:36 AM

Just relying on NAT as a firewall is not secure at all.
The system bridging two networks with address translation means it's rewrapping the TCP packets and has to trust certain packet sources.

So unless you add some extra security, hackers can change packets to spoof your NATwall into thinking it's come from the internal address or a trusted source.

Get a firewall up.
NAT with a firewall is secure.

/Raz


All times are GMT -5.