  1. Looks like I'll just upgrade the cards in the current pfsense box then. That's a fine solution; I was just interested in options. As for prices, £35 per month will get you a 100/5 line, and those speeds are pretty solid, not a fictional "up to" speed.
  2. The internet is a little faster than it used to be. CDNs easily offer those speeds. But I digress. What router hardware is used by anyone here with a decent internet connection and without Cisco money? :)
  3. That's a very good point actually. Two computers and a handful of mobile devices really, the standard for a single guy :) The main computer has a decent SSD with a sustained write speed over 200mbps though, so I've a bit of room yet! Don't get me wrong, 120 down is way overkill for most things, but if it's there, it will be nice to use it! Oh, and 5mb up is the fastest domestic speed possible in the UK.
  4. My home connection is rated at 100mbps down, 5mbps up. Moving to 120mbps down when the provider gets its act together and upgrades the headend. I currently have the docsis3 modem connected to an old desktop computer running pfsense, and it has a server grade dual port 100mbps network card in it. The upgrade will mean that the download speed of the WAN is faster than the wirespeed of the LAN! Everything else is connected to a small gigabit switch, but if I want to get the most from the connection, I'll need to add two gigabit cards to the pfsense machine. Before I do so, are there any other options? Are there any low power devices capable of running at these speeds, and what's the lowest cost solution? Here's a speedtest result from a moment ago, over wifi :) http://www.speedtest.net/result/2523055951.png Thanks.
  5. Mat

    Vpn Security

    We may be talking about slightly different things. I'm not referring to websites, or for that matter even a web browser. Tunnelblick for OSX establishes a VPN using SSL protocols and makes it available to the system; the VPN is restricted to just allow the user to run a terminal services session on the office servers.
  6. Mat

    Vpn Security

    Thanks for that, so as long as the vendor has done their job right, a packet replay attack is unlikely. So, if I were to connect the VPN while connected to a "bad wireless network", and all the traffic were captured, a hacker wouldn't be able to just re-send everything and gain a connection to the workplace, and he'd not be able to extract the username/password from the packet capture because they'd be encrypted by the SSL layer. That puts to rest most of my concerns; I was thinking that the encryption was not brought up until the link was, so the credentials may be passed in the clear. The remaining point would be sslstrip or similar, which I hear can get SSL credentials by putting itself in the live connection and impersonating the remote side (I think). Anyone got any thoughts there? I know I'm being too paranoid about this, but I think it's best to assume the worst and plan accordingly! [edit: worth mentioning some specifics. The VPN is being made on OSX using the 3rd party software Tunnelblick and it's connecting to a Smoothwall UTM308. I've spoken to Smoothwall support about native L2TP over IPSec and they say it can't be done, basically.]
  7. Mat

    Vpn Security

    At work we have laptops which connect back to the office via an IPSec over L2TP VPN. The connection is made with a username and password and a certificate is installed on the laptop, without which the username and password will not be accepted. This, I think, is a good thing. This only works for Windows though; the folks with a Mac laptop are out of luck. My only option to allow connections from the Macs is to enable SSL VPNs, but this is a security concern to me. The SSL VPN is secured with only the username and password. I see on the show that Darren often recommends the use of a VPN for domestic use, so you'd VPN while at Starbucks before connecting to Gmail or something, so people can't get your email credentials, but the part I don't understand is, what's to stop someone sniffing my VPN username and password and then just connecting as me? Short version then is: Is SSL VPN vulnerable to a replay attack, and is SSL VPN secure enough for corporate use? Any and all comments on this topic will be appreciated.
  8. I've got loads of that brand of drive and they work fine. Try using the HP USB formatting tool, then use grubinst_gui to install a bootable MBR (make sure to pick the right drive) and then replace grldr with the one from grub4dos. That really should be all there is to it.
  9. I still don't understand how the plaintext passwords were acquired if they were stored salted and hashed.
  10. Fix already reported in this thread in Post 84. I know this thread is getting long, but it'll get even longer if questions are repeated!
  11. I've added some more today: Puppy Linux, SliTaz, ntpasswd, F-Secure Rescue CD, Kaspersky Rescue CD, Ubuntu 9.04 (iso mount method shown above), XBMC Live CD, xPUD, AIDA, Ranish Partition Manager, MHDD. I think it's time I took a backup of this drive now!
  12. Please read the full thread; you can't have the casper folder in a subfolder, it won't work. It's expected in the root of the drive. I'm looking through the initrd script for clues, and looking for a kernel switch that would allow for a redirection of the casper folder, but I don't think it exists.
  13. I'd like BT4, Live Ubuntu and others on this same drive, but with the casper folder being seemingly hardcoded with no kernel argument to override it, this is not possible. Still looking...
  14. I should have posted the whole file originally, sorry. BT4 prefinal is packaged with casper, which is nice because it puts the whole thing into a single file, but it sucks because the casper folder cannot be moved or renamed, which means it has to be in the root and can't co-exist with other stuff done in the same way. I'm looking for a fix for this. For now though, this folder structure is needed:

        /backtrack/initrd.gz
        /backtrack/vmlinuz
        /casper/filesystem.manifest
        /casper/filesystem.manifest.desktop
        /casper/filesystem.squashfs

    Clearly I'd like all five files to be in the backtrack folder. Hope that helps for now.

        color green/black yellow/blue
        timeout 120

        # --- Memtest 86 --- #
        title Memtest86 v2.11
        kernel /memtest/memtest86+-2.10.bin
        # --- --- --- ---

        # --- DSL Damn Small Linux ---
        title Damn Small Linux
        kernel /dsl/linux24 ramdisk_size=100000 init=/etc/init lang=us apm=power-off vga=789 initrd=minirt24.gz nomce noapic quiet BOOT_IMAGE=dsl
        initrd /dsl/minirt24.gz
        boot
        # --- --- --- ---

        # --- CloneZilla ---
        title Clonezilla
        root (hd0,0)
        kernel /clonezilla/vmlinuz1 boot=live union=aufs vga=789 ip=frommedia live-media-path=/clonezilla bootfrom=/dev/hda toram=filesystem.squashfs noprompt ocs_live_run="ocs-live-general" ocs_live_extra_param="" ocs_live_keymap="" ocs_live_batch="no" ocs_lang=""
        initrd /clonezilla/initrd1.img
        boot
        # --- --- --- ---

        # --- Gparted ---
        title Gparted 0.4.5-2
        root (hd0,0)
        kernel /gparted/vmlinuz1 live-media-path=/gparted bootfrom=/dev/sd boot=live union=aufs noswap noprompt vga=789 ip=frommedia
        initrd /gparted/initrd1.img
        # --- --- --- ---

        # --- Dr Web Anti-virus ---
        title Dr Web Antivirus (*not working)
        root (hd0,0)
        kernel /drweb/vmlinuz root=/dev/ram0 init=/linuxrc init_opts=4 quiet dokeymap looptype=squashfs loop=/drweb/white.mo usbroot slowusb initrd=/drweb/initrd vga=789 splash=silent,theme:drweb CONSOLE=/dev/tty1
        initrd /drweb/initrd
        # --- --- --- ---

        # --- Hiren's Boot CD ---
        title Hiren's BootCD
        find --set-root /HBCD/boot.gz
        map --mem /HBCD/boot.gz (fd0)
        map --hook
        chainloader (fd0)+1
        rootnoverify (fd0)
        map --floppies=1
        boot
        # --- --- --- ---

        # --- Mini Windows XP ---
        title Mini Windows XP
        find --set-root /HBCD/XPLOADER.BIN
        chainloader /HBCD/XPLOADER.BIN
        # --- --- --- ---

        # --- TRK Trinity Rescue Kit ---
        title Trinity Rescue Kit (*not working)
        find --set-root /trinityrescue/initrd.trk
        kernel /trinityrescue/kernel.trk ramdisk_size=49152 root=/dev/ram0 vga=789 splash=verbose pci=conf1
        initrd /trinityrescue/initrd.trk
        # --- --- --- ---

        # --- Konboot ---
        title KonBoot
        map --mem /konboot/FD0-konboot-v1.1-2in1.img (fd0)
        map --hook
        chainloader (fd0)+1
        map (hd1) (hd0)
        map --hook
        rootnoverify (fd0)
        # --- --- --- ---

        # --- Backtrack 4 ---
        title BackTrack 4 pre-final
        kernel /backtrack/vmlinuz vga=0x314 BOOT=casper boot=casper nopersistent rw
        initrd /backtrack/initrd.gz
        boot
        # --- --- --- ---

        # --- FreeDOS ---
        title FreeDOS
        kernel /freedos/memdisk
        initrd /freedos/FDSTD.144.imz
        # --- --- --- ---

        # --- DBAN ---
        title DBAN (Darik's Book and Nuke)
        kernel /dban/memdisk
        initrd /dban/dban-1.0.7_i386.ima
        # --- --- --- ---

        # --- FreeNAS ---
        title FreeNAS .7 RC1
        map --mem (hd0,0)/ISOs/FreeNAS-i386-LiveCD-0.7RC1.4735.iso (hd32)
        map --hook
        chainloader (hd32)
        # --- --- --- ---
  15. Mine works with the following entry; it looks like you missed just the live-media-path entry. I have a clonezilla folder containing filesystem.squashfs, initrd1.img and vmlinuz1.

        # --- CloneZilla ---
        title Clonezilla
        root (hd0,0)
        kernel /clonezilla/vmlinuz1 boot=live union=aufs vga=789 ip=frommedia live-media-path=/clonezilla bootfrom=/dev/hda toram=filesystem.squashfs noprompt ocs_live_run="ocs-live-general" ocs_live_extra_param="" ocs_live_keymap="" ocs_live_batch="no" ocs_lang=""
        initrd /clonezilla/initrd1.img
        boot
        # --- --- --- ---