Re: Hardware needed for home network
On Sun, 2011-02-13 at 09:17 -0600, John Hasler wrote:
> Andrei writes:
> > You seem to assume it is impossible for a packet to reach one of the
> > other internal computers without taking the detour via the server (and
> > its firewall). Maybe I'm paranoid, but I wouldn't base the security
> > of my internal network on this assumption.
>
> If I understand correctly he has the modem in bridge mode and is running
> pppd on the server (I am doing this as well though I also have two NICs
> on the server). Thus there is no IP traffic between the modem and the
> server: just PPP.
That's right.
> Even if the PPP packets were to reach one of the
> other computers they could do nothing with them unless they were also
> running pppd. I suppose an attacker could seize control of the modem
> (hard to do when it's in bridge mode) and then launch an attack, though.
>
> Modem firmware has a history of being buggy and full of holes. I'd
> rather not let it have any access at all to my network. NICs are cheap.
My setup replaces a consumer wireless/modem/router and I have no reason
to suspect that the new modem is more prone to compromise than the old
kit. Considering it's a lot simpler, not doing routing or NAT, I would
expect it to have fewer vulnerabilities, all other things being equal.
--
Tixy () The ASCII Ribbon Campaign (www.asciiribbon.org)
/\ Against HTML e-mail and proprietary attachments