[clug] ADSL Provider Questions

Daniel McNamara daniel at codefish.net.au
Mon Mar 8 22:34:08 GMT 2004


I really should clarify. I usually work with static links, not home ones,
and as such don't rely on the NAT function of these routers whatsoever.
Even if I was, I certainly don't rely on them to protect my machines, which
all run their own firewalls in any case.

However generally speaking I've not had a problem with routers. Yes some
have a deserved reputation for having security holes, taking ages to get
fixed and other nasties but there are ones out there that do an excellent
job. Cisco for example makes an extremely nice DSL router (admittedly it's
out of the price range of the average consumer however). Most of the ones
I've worked with have been D-Links which have never been any problem for
me, security updates have always been well released and their mid range
routers work very well as bridges (for example a D-Link DSL 500 running as
a bridge on my 512/128 net link with an assigned /29). The one thing these
black box routers will always outdo versus a pc running your os of choice
is noise, size and (yes this is debatable) reliability. With a router
there are little or no moving parts and they tend to be very hard to kill
(at least all the ones I've bought have been).

Just as with anything else routers are fine as long as they are set up
correctly. James makes a good point about changing the default password
and any decent router will not expose the administration http/telnet port
to the WAN side by default but it's worth making sure. Oh and any decent
router will have a CLI.

Easiest thing to do is do your research, figure out what meets *your*
needs and set it up. One big advantage with doing this with a pc rather
than a black box router is that you get to learn a lot about networking
and firewalls in the process and learning new things can only ever be a
good thing.

Cheers

Daniel

> Jepri wrote:
> <schnipp>
>> As for hardware, I second the suggestions about black box routers.
>> You plug 'em in, connect to their webpage, type in your
>> username/password and boom! you're online. Sure beats stuffing
>> around with iptables (not that it isn't a great product, bow scrape).
> <schnipp>
>
> Stand alone routers are very convenient, and I do use one myself. But
> they are no substitute for a good linux firewall. They do NAT, but most
> are still susceptible to address spoofing and various other attacks. The
> code that they run is proprietary and potentially full of bugs.
>
> and /please/ change the default password on the router, and also disable
> WAN port side administration.
>
> I would recommend router + ipcop for true peace of mind.
>
> cheers,
> -james



--------------------------------------------------
           Sent from Code Fish Web Mail           
           Code Fish - Fishing for clues          
           http://www.codefish.net.au             
--------------------------------------------------
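
One way to do the "worth making sure" check from the message above: test whether the router's http/telnet administration ports answer on the WAN side. This is an added example, not part of the original post; ports 80 and 23 are assumed defaults, and the address is your own router's WAN address, probed from a host outside your network.

```python
import socket
import sys

# Admin services named in the post. The port numbers are the conventional
# defaults and are an assumption; adjust them to your router's settings.
ADMIN_PORTS = {"http": 80, "telnet": 23}

def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"          # handshake completed: service is reachable
    except ConnectionRefusedError:
        return "closed"        # host answered with a reset: nothing listening
    except OSError:
        return "filtered"      # timeout or unreachable: dropped on the way
    finally:
        s.close()

def audit(host, ports=ADMIN_PORTS, timeout=3.0):
    """Probe every admin port and return {service name: state}."""
    return {name: probe(host, port, timeout) for name, port in ports.items()}

def exposed(results):
    """Names of admin services that accepted a connection."""
    return sorted(name for name, state in results.items() if state == "open")

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: wan_admin_check.py <your-router-WAN-address>")
    results = audit(sys.argv[1])
    for name, state in results.items():
        print(f"{name:7s} {ADMIN_PORTS[name]:5d}  {state}")
    bad = exposed(results)
    if bad:
        print("WAN-side administration reachable:", ", ".join(bad))
        sys.exit(1)
    print("No admin port accepted a connection from this vantage point.")
```

A result from inside the LAN is not meaningful, since the router may answer on its LAN-side interface; "closed" or "filtered" on both ports from outside is the result to look for.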



