[Novalug] Router/firewall less likely to have vulnerability

Ed James edward.james@gmail.com
Wed Apr 2 11:55:57 EDT 2014


There's been a bazillion write-ups on this issue, although obviously not
front-page news.  For example:


http://securityevaluators.com/knowledge/case_studies/routers/soho_router_hacks.php

My personal issue is, I have no clue what comes stock with my routers, but
I can indeed read the source code for the open-source versions.  I prolly
wouldn't read it for security issues, but I'd trust that other (way more
proficient) folks have done so.

In particular, I'd have little trust in equipment delivered by the major
telecoms, who have an interest in their own people being able to access the
hardware.  I'm not saying that they would be the malicious ones, but if
they can "get in", so can others, eventually.

Note - not all routers have enough memory to run all of the open-source
code.  That's something that should be researched before buying a router,
if one does plan on doing a firmware upgrade.

Regards,
Ed James


On Wed, Apr 2, 2014 at 11:34 AM, Charles R. Head
<CharlesRHead@netscape.net> wrote:

>  *Derek,*
>
> I'd appreciate it if you would expand on why you said "Don't use the
> firmware that comes with the device.  That is the road to fail."
>
> Is this based on your personal preference (which I'm not knocking), or is
> there a specific vulnerability that has been discovered?
>
> *Charles Head*
>
> ********************************************
>  On 4/2/2014 11:30 AM, Derek LaHousse wrote:
>
> To summarize:
>
> Don't use the firmware that comes with the device.  That is the road to
> fail.  Alternatives include:
> - pfSense
> - Tomato
> - DD-WRT
> - OpenWRT (my favorite)
> - Gargoyle
>
> Derek
>
> On Wed, 2014-04-02 at 09:22 -0400, John Place wrote:
>
> I use pfSense (FreeBSD based) I personally own: http://store.netgate.com/Netgate-FW-7541-BTO-P1893.aspx
>
> If you do not need ports+speed or the horsepower this one works great: http://store.netgate.com/Netgate-m1n1wall-2D13-Black-P216.aspx
>
> 3 ports works nice because you can plug a wireless device into the extra
> port and keep it "outside"...
>
> Thanks
> John
>
> On 04/02/2014 12:19 AM, Jay Hart wrote:
>
> OpenBSD only way to go for SOHO router/firewall.
>
> _______________________________________________
> Novalug mailing list
> Novalug@calypso.tux.org
> http://calypso.tux.org/mailman/listinfo/novalug