Re: DSL router and security

To: debian-security@lists.debian.org
Subject: Re: DSL router and security
From: Peter Cordes <peter@llama.nslug.ns.ca>
Date: Thu, 10 Feb 2000 23:17:09 -0400
Message-id: <[🔎] 20000210231709.C15946@llama.nslug.ns.ca>
In-reply-to: <[🔎] E12J06V-0004Px-00@mail.xmission.com>; from howardm@xmission.com on Thu, Feb 10, 2000 at 01:22:19PM +0000
References: <[🔎] E12J06V-0004Px-00@mail.xmission.com>

On Thu, Feb 10, 2000 at 01:22:19PM +0000, Howard Mann wrote:
> 
> Hi,
> 
> I use DSL with Slink. I previously had a static IP address. I used an IP Chains ruleset as one security level. All was well.
> 
> My ISP recently mandated a configuration change for the Cisco DSL router from " bridging" to "ppp" mode, including NAT at the router level.
> 
> The router now changes my assigned IP address to a private Class A address ( 10.0.0.2 ). I changed my networking ( eth0) settings to reflect this.
> 
> I guess I no longer need the IP Chains firewall. Is this correct ?

 You never need security.  It's nice to have, though!!! :)  You should leave
your firewall configured if it is possible for other people using the same
ISP to send you stuff that hasn't been filtered through your ISP's firewall,
or you don't trust everyone at the ISP with access to the network.

If other people can connect to an IP address which get's forwarded to yours
internally, then you should definitely leave your firewall up.  (MTT's
mpoweredpc ADSL service in Halifax is like this.  I have a cable modem
(Halifax has 2 high speed providers :), but people with ADSL tell me that
they have an internal IP and an external IP.  The internal is fixed, but the
external one changes all the time.  Presumably, though, if you know the
external IP, then you could connect to ports on the ADSL computer, rather
than just waiting for it to contact you.  This means it is succeptible to
attack.

> What security considerations/measures should I now adopt with respect to my new setup ?

 Don't trust anybody you don't know personnally.  Don't allow any access to
anyone who doesn't need it.  :)

> My knowledge of the function of this router is rudimentary.

 Better leave the firewall up, then.

-- 
#define X(x,y) x##y
DUPS Secretary ; http://is2.dal.ca/~dups/
Peter Cordes ;  e-mail: X(peter@cordes.phys. , dal.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE

Reply to:

References:
- DSL router and security
  - From: Howard Mann <howardm@xmission.com>

Prev by Date: Re: DSL router and security
Next by Date: new mysql-server for *slink*
Previous by thread: Re: DSL router and security
Next by thread: new mysql-server for *slink*
Index(es):
- Date
- Thread