A followup query - was Re: [clug] Calling all Linux n00bs

Daniel Pittman daniel at rimspace.net
Sat Jun 13 03:31:51 GMT 2009


Rod Peters <rpeters at pcug.org.au> writes:
> On Thursday 11 June 2009 22:00:16 linux-request at lists.samba.org wrote:
>> Re: A followup query - was  Re: [clug] Calling all Linux n00bs
>>  From: Daniel Pittman <daniel at rimspace.net>
>>  To: CLUG List <linux at lists.samba.org>
>>
>> Rod Peters <rpeters at pcug.org.au> writes:
>> > On Thursday 11 June 2009 12:20:10 linux-request at lists.samba.org wrote:

[...]

>> > Well you might be, as long as you understand that most of these packaged
>> > routers either don't have the more effective firewalling techniques such
>> > as SPI or, if installed, it is disabled by default, to avoid
>> > incompatibility with Vista.
>>
>> Most of the low end consumer routers are based on either VxWorks or Linux,
>> both of which have TCP Window Scaling compliant SPI, or "connection
>> tracking", firewall implementations.
>>
>> For most of the devices a firmware update is available that corrects them.
>
> Perhaps, but this process is similar to flashing the BIOS on a PC, which I
> suggest the vast majority of PC owners won't tackle.

Vastly simpler, in my experience, since it is all web based.  Also, it has
been a /long/ time since I ran into any of these devices that had any grief
from window scaling, since my laptop has run behind a lot of them[1], and has
had the feature enabled for a long time.

> The cost of having a computer shop do it is similar to a new router.
> So for the average owner, these devices have limited firewalling.

So, so.  Especially if the problem is documented by OS vendors like, oh,
Microsoft, who can identify it and alert the user.  Plus, you know, it isn't
like Microsoft are reluctant to lean on OEMs to get them to fix problems that
hurt their software. ;)

> The practical way to LAN PC is to set ethernet as a "trusted zone" on each
> PC.  Net result is that the whole LAN has firewalling of limited effect.

I don't quite follow what you are talking about here.  Do you mean something
like setting the LAN to a "trusted zone" in random Windows software firewall
products?

Regards,
        Daniel

Footnotes: 
[1]  The simple joys of supporting SMBs as a consultant, I guess.
