
Re: selecting old machines for firewall/router use



John Hasler put forth on 2/21/2011 7:34 PM:
> I wrote:
>> Or from the inside.  If none of the machines on the LAN are running
>> Windows you're probably ok.
> 
> Stan writes:
>> How is this a security issue?  Broadcast packets coming from the
>> customer that hit the DSLAM are instantly dropped.
> 
> Nothing to do with the DSLAM.  These routers usually expose a Web
> interface on the LAN side.  Malware on a Windows machine on the LAN
> could break into the router.

You're confusing
"Windows malware can potentially access router admin interface"

with
"Windows malware can automatically subvert the router"

Setting a strong password thwarts such a thing, and one should be
setting such a password anyway.

On the flip side, this same "router" _is_ the default NAT+SPI firewall
for the vast majority of home users.  They don't have a separate Linux
firewall box in the middle.  So I guess you're saying they're all
totally vulnerable to this fanciful malware you describe, which can
access the admin page of any and all home routers instantly and make any
changes it wishes?

In your scenario, how would this differ from the admin interface of
SmoothWall, IPCop, etc?  The admin interfaces of all such firewalls fall
across a wide spectrum of TCP ports.  Does your malware scan them all?
If the consumer hardware router is vulnerable to this fanciful malware
of yours then Smoothy, IPCop, etc, are as well.  Yes?  If you say no,
please explain the technical difference, as I don't see one.

-- 
Stan

