Re: Hardware needed for home network

To: debian-user@lists.debian.org
Subject: Re: Hardware needed for home network
From: Tixy <tixy@yxit.co.uk>
Date: Sun, 13 Feb 2011 18:29:35 +0000
Message-id: <[🔎] 1297621775.2322.17.camel@computer2.home>
In-reply-to: <[🔎] 87ei7cm0b5.fsf@thumper.dhh.gt.org>
References: <[🔎] 20110211133710.041074fe.jhsu802701@jasonhsu.com> <[🔎] torg28xmqa.ln2@news.roaima.co.uk> <[🔎] 1297534704.3648.10.camel@computer2.home> <[🔎] 20110213010146.GB18225@think.homelan> <[🔎] 1297588976.2340.17.camel@computer2.home> <[🔎] 20110213105539.GE18225@think.homelan> <[🔎] 1297596912.2916.35.camel@computer2.home> <[🔎] 20110213130214.GI18225@think.homelan> <[🔎] 1297606152.2571.62.camel@computer2.home> <[🔎] 20110213144348.GB3025@think.homelan> <[🔎] 87ei7cm0b5.fsf@thumper.dhh.gt.org>

On Sun, 2011-02-13 at 09:17 -0600, John Hasler wrote:
> Andrei writes:
> > You seem to assume it is impossible for a packet to reach one of the
> > other internal computers without taking the detour via the server (and
> > it's firewall). Maybe I'm paranoid, but I wouldn't base the security
> > of my internal network on this assumption.
> 
> If I understand correctly he has the modem in bridge mode and is running
> pppd on the server (I am doing this as well though I also have two NICs
> on the server).  Thus there is no IP traffic between the modem and the
> server: just PPP.

That's right

>   Even if the PPP packets were to reach one of the
> other computers they could do nothing with them unless they were also
> running pppd.  I suppose an attacker could seize control of the modem
> (hard to do when it's in bridge mode) and then launch an attack, though.
> 
> Modem firmware has a history of being buggy and full of holes.  I'd
> rather not let it have any access at all to my network.  NICs are cheap.

My setup replaces a consumer wireless/modem/router and I have no reason
to suspect that the new modem is more prone to compromise that the old
kit. Considering it's a lot simpler, not doing routing or NAT, I would
expect it to have less vulnerabilities all other things being equal.


-- 
Tixy               ()  The ASCII Ribbon Campaign (www.asciiribbon.org)
                   /\  Against HTML e-mail and proprietary attachments

Reply to:

References:
- Hardware needed for home network
  - From: Jason Hsu <jhsu802701@jasonhsu.com>
- Re: Hardware needed for home network
  - From: Chris Davies <chris-usenet@roaima.co.uk>
- Re: Hardware needed for home network
  - From: Tixy <tixy@yxit.co.uk>
- Re: Hardware needed for home network
  - From: Andrei Popescu <andreimpopescu@gmail.com>
- Re: Hardware needed for home network
  - From: Tixy <tixy@yxit.co.uk>
- Re: Hardware needed for home network
  - From: Andrei Popescu <andreimpopescu@gmail.com>
- Re: Hardware needed for home network
  - From: Tixy <tixy@yxit.co.uk>
- Re: Hardware needed for home network
  - From: Andrei Popescu <andreimpopescu@gmail.com>
- Re: Hardware needed for home network
  - From: Tixy <tixy@yxit.co.uk>
- Re: Hardware needed for home network
  - From: Andrei Popescu <andreimpopescu@gmail.com>
- Re: Hardware needed for home network
  - From: John Hasler <jhasler@debian.org>

Prev by Date: Re: Proper way to restart network after modem/router reset
Next by Date: Re: Relocating Squeeze partition
Previous by thread: Re: Hardware needed for home network
Next by thread: Re: Hardware needed for home network
Index(es):
- Date
- Thread