If you're bent on making your own LFS-type fw/rtr and you want to make it spiffy, then IMO you gotta make sure you know the basic networking and security stuff. I'll post some refs below.
Next I'd take a few router-specific distros and rip 'em apart to see what makes 'em tick, rip out the best bits and features and then build your own. Intermediate-level knowledge of Linux and programming will come in handy.
Basic references:
- AUSCERT UNIX Computer Security Checklist (Version 1.1)
www.cert.org/tech_tips/AUSCERT_checklist1.1
- Steps for Recovering from a UNIX or NT System Compromise
www.cert.org/tech_tips/root_compromise.html
In fact read the whole of
http://www.cert.org/tech_tips/
- The CIT Computer Security Handbook:
www.cit.nih.gov/security/handbook.html
- Aging stuff from Phrack, good to read back to be sure, like "Unix System Security Issues"
www.fc.net/phrack/files/p18/p18-7.html
- SEI stuff like
www.sei.cmu.edu/publications/lists.html handling IDS
- Intrusion Detection and Network Auditing on the Internet
www.infosyssec.net/infosyssec/intdet1.htm
Top it off with some reading material on security:
- Security tips:
www.cert.org/tech_tips/ and
www.cert.org/security-improvement/, http://www.securityportal.com/resear...xsecurity.html
- Top ten vulnerabilities:
www.sans.org/topten.htm and
http://www.cert.org/present/cert-ove...ends/index.htm
- Firewalling:
www.infosyssec.net/infosyssec/firew1.htm, www.linux-firewall-tools.com/linux/
- Securing Xwindows:
http://www.uwsg.indiana.edu/usail/ex...d/xsecure.html
Basic Linux references:
- The SANS Reading Room: Linux issues (used Google's cache):
http://www.sans.org/infosecFAQ/linux/linux_list.htm
- the LASG or Linux Administrator's Security Guide,
- Securing & Optimizing Linux: RH Edition (1),
- Linux Security HOWTO,
* Linuxsecurity.com has a quick-reference PDF card.
- Post-Installation Security Procedures (Linux Journal),
- Security Quick-Start HOWTO for Linux,
- The Linux-PAM System Administrators' Guide,
- Armoring Linux,
- A Short Course on Systems Administration and Security Under Unix (1),
- SAG: The Linux System Administrator's Guide,
- Basics on firewalling:
www.linuxdoc.org/HOWTO/Firewall-HOWTO.html
- Basic introduction to building ipchains rules:
www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html
- Explanation of the Ipchains logformat: logi.cc/linux/ipchains-log-format.php3
- Ipchains log decoder: dsl081-056-052.dsl-isp.net/dmn/decoder/decode.php
- The Iptables HOW-TO:
http://people.unix-fu.org/andreasson/index.html
- LQ notes on Linksys security:
http://www.linuxquestions.org/questi...007#post157007
- The Unix Auditor's Practical Handbook:
http://www.nii.co.in/tuaph.html
- Neohapsis archives:
http://www.neohapsis.com
- Linux Gazette:
http://www.linuxgazette.com
- Experts Exchange:
http://www.experts-exchange.com
- Linuxsecurity.com, SecurityFocus.com
- Matt's Unix Security Page:
http://www.deter.com/unix/
- E-secure-db Security Information database:
http://www.e-secure-db.us/dscgi/ds.p...ollection-1586
- eBCVG.com's security portal:
http://www.ebcvg.com/info.php
- Jay Beale's docs (Bastille-linux/CIS):
http://www.bastille-linux.org/jay/se...icles-jjb.html
- Snort: IDS Installation with Mandrake 8.2, Snort, Webmin, Roxen Webserver, ACID, MySQL:
http://www.linux-tip.net/workshop/id.../ids-snort.htm
- Snort: Database support FAQ:
http://www.incident.org/snortdb/
Or, if you're just cruising for links, try and read something else; search for/visit these places/people that mean something: Sans, CERT, AUSCERT, Lance Spitz, dugsong, loki, Robert Graham, Dave Dittrich, Wietse Venema, Fyodor, Mixter, CHU and Immortal Descendants, Monark, to name but a few.
A combination of protocols & services is in the Linux Network Administrator's Guide (NAG).
Else there's more brainfood at
Uri's TCP resource list:
www.private.org.il/tcpip_rl.html,
Daryl's TCP/IP primer:
www.tcpipprimer.com,
Teach Yourself TCP IP in 14 Days:
www.sivik.org/Books/Teach Yourself TCP IP in 14 Days/
Macmillan's "Maximum Security".
A word on O'Reilly's TCP/IP Network Administration.
O'Reilly has a myriad of books, some of which, unfortunately for them, can also be found online; just search for "O'reilly and bookshelf", "o'reilly reference bookshelf" or "o'reilly cd bookshelf" :-]
Netfilter+Iptables HOWTO:
LQ search: iptables+howto,
Linuxguruz.org,
Netfilter.org Packetfiltering HOWTO,
Linuxsecurity.com Iptables tutorial,
Andreasson's Iptables tutorial,
Iptables Connection tracking.
Ipchains HOWTO:
TLDP Ipchains HOWTO,
Flounder.net Ipchains HOWTO.
Other resources/misc stuff:
FAQ: Firewall Forensics (What am I seeing?),
Linux Firewall and Security Site,
Auditing Your Firewall Setup (old, still useful),
TLDP: Firewall Piercing mini-HOWTO,
Something called the "Home PC Firewall Guide",
Vendor/Ethernet MAC Address Lookup,
Netfilter Iptables/Ipchains Log Format,
Dshield (find out if an IP was marked as used in attacks),
(Snort) Port search,
Neohapsis Port search,
(IPMasq) P2P ports,
Infosyssec's Firewall Security and the Internet (badly updated site).
Nil volentibus arduum or "keep your eye on the money",
as it could be translated in these modern times...
HTH
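As an added example (this is not part of the post above and is not code from any of the sites it links), here is a small decoder for the two firewall log formats the post's references cover: the netfilter/iptables LOG lines of 2.4+ kernels and the older ipchains "Packet log:" lines of 2.2 kernels. It does offline what the linked "Ipchains log decoder" and "Netfilter Iptables/Ipchains Log Format" pages describe, and then tallies the most-hit destination ports, which is the number you would feed to a port-search site or DShield. The sample log lines, the function names and the field names in the returned dicts are my own assumptions; the field layouts follow what the kernel actually writes.

```python
"""Decode Linux packet-filter log lines: netfilter/iptables (2.4+) and
ipchains (2.2) "Packet log:" format. Added example, not from the post.
SAMPLE_LOG is constructed; protocol names follow the IANA numbers."""
import re
from collections import Counter

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

# ipchains: Packet log: <chain> <target> <iface> PROTO=<n> <src>:<spt> <dst>:<dpt>
#           L=<iplen> S=<tos> I=<ipid> F=<frag> T=<ttl> [SYN] (#<rule>)
# (for ICMP the two "port" fields hold type:code instead)
IPCHAINS_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<spt>\d+) (?P<dst>[\d.]+):(?P<dpt>\d+) "
    r"L=(?P<len>\d+) S=(?P<tos>0x[0-9a-fA-F]+) I=(?P<id>\d+) "
    r"F=(?P<frag>0x[0-9a-fA-F]+) T=(?P<ttl>\d+)"
    r"(?P<flags>(?: [A-Z]+)*)(?: \(#(?P<rule>\d+)\))?"
)

# netfilter: after the syslog header and optional --log-prefix text comes a
# run of KEY=VALUE tokens (VALUE may be empty, e.g. "OUT=") mixed with bare
# flag words such as DF, SYN, ACK.
NF_TOKEN_RE = re.compile(r"(?P<key>[A-Z]+)=(?P<val>\S*)|\b(?P<flag>[A-Z]{2,6})\b")

INT_FIELDS = ("spt", "dpt", "len", "ttl", "id", "rule")


def _normalise(rec):
    """Turn numeric strings into ints and protocol numbers into names."""
    for k in INT_FIELDS:
        if rec.get(k) not in (None, ""):
            rec[k] = int(rec[k])
    proto = rec.get("proto", "")
    if proto.isdigit():
        proto = PROTO_NAMES.get(int(proto), proto)
    rec["proto"] = proto
    return rec


def decode_netfilter(line):
    """Parse an iptables LOG line; None if the line is not one."""
    start = line.find("IN=")
    if start < 0:
        return None
    rec = {"format": "netfilter", "prefix": line[:start].strip(), "flags": []}
    for m in NF_TOKEN_RE.finditer(line[start:]):
        if m.group("key"):
            # UDP lines carry LEN= twice (IP total length, then UDP length):
            # keep the first occurrence of every key.
            rec.setdefault(m.group("key").lower(), m.group("val"))
        else:
            rec["flags"].append(m.group("flag"))
    return _normalise(rec)


def decode_ipchains(line):
    """Parse an ipchains 'Packet log:' line; None if the line is not one."""
    m = IPCHAINS_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    rec = {"format": "ipchains", "chain": d["chain"], "target": d["target"],
           "in": d["iface"], "proto": d["proto"], "src": d["src"], "dst": d["dst"],
           "spt": d["spt"], "dpt": d["dpt"], "len": d["len"], "ttl": d["ttl"],
           "id": d["id"], "tos": d["tos"], "frag": d["frag"],
           "flags": d["flags"].split(), "rule": d["rule"]}
    return _normalise(rec)


def decode(line):
    """Dispatch on the format marker; returns a dict or None."""
    return decode_ipchains(line) if "Packet log:" in line else decode_netfilter(line)


def top_targets(lines, n=5):
    """Most-hit (protocol, destination port) pairs across the log lines."""
    hits = Counter()
    for line in lines:
        rec = decode(line)
        if rec and "dpt" in rec:           # ICMP lines have no ports
            hits[(rec["proto"], rec["dpt"])] += 1
    return hits.most_common(n)


# Constructed sample: an SSH probe and a NetBIOS probe, logged by both stacks.
SAMPLE_LOG = [
    "Jun 12 04:01:33 gw kernel: FW-DROP IN=eth0 OUT= MAC=00:0c:29:3a:1b:2c:00:50:56:c0:00:08:08:00 "
    "SRC=198.51.100.23 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=41237 DF PROTO=TCP "
    "SPT=3421 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0",
    "Jun 12 04:01:35 gw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.23 DST=203.0.113.5 LEN=40 "
    "TOS=0x00 PREC=0x00 TTL=48 ID=41238 PROTO=TCP SPT=3422 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0",
    "Jun 12 04:02:10 gw kernel: FW-DROP IN=eth0 OUT= SRC=192.0.2.77 DST=203.0.113.5 LEN=36 "
    "TOS=0x00 PREC=0x00 TTL=112 ID=9 PROTO=UDP SPT=1026 DPT=137 LEN=16",
    "Jun 12 04:03:01 gw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.23:3425 "
    "203.0.113.5:22 L=60 S=0x00 I=41240 F=0x4000 T=48 SYN (#3)",
    "Jun 12 04:03:05 gw kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.77:1027 "
    "203.0.113.5:137 L=36 S=0x00 I=10 F=0x0000 T=112 (#3)",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(decode(entry))
    print(top_targets(SAMPLE_LOG))
```

Feed it real lines with `decode(line)` per syslog line, or a whole file through `top_targets(open("/var/log/messages"))`; the per-key `setdefault` is what keeps UDP lines from reporting the UDP payload length as the IP length, which is the usual mistake in quick log scrapers.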