Comment 168 Re: Okay


Netgear Hides Router Backdoor Instead of Fixing It


Okay (Score: 2, Interesting)

by Anonymous Coward on 2014-04-23 14:41 (#15D)

This is indeed deliberate, maybe on NSA order? As a consequence, Netgear, Cisco, Linksys and the other US network gear suppliers should be avoided as home and enterprise equipment from now on.

Re: Okay (Score: 1)

by on 2014-04-23 15:26 (#15E)

Time to look into open-source firmware. Replacing OEM with, e.g., dd-wrt would mitigate this sort of thing, wouldn't it? I'm honestly asking.

Re: Okay (Score: 3, Informative)

by on 2014-04-23 17:00 (#15F)

Well, sadly most Linux distributions tend to *not activate* some exploit mitigations. I don't know about the Linux router firmwares, but last time I checked they even used some old kernel versions that didn't even have some of these mitigations. Personally, I have used OpenBSD on an old ALIX board for a long time. Too bad pfsense is based on FreeBSD instead of OpenBSD, otherwise it would be an ideal candidate.

For hardware, I would recommend either the ALIX boards (there is a new APU model) or Mikrotik routerboards.

Re: Okay (Score: 2, Interesting)

by on 2014-04-25 14:46 (#15X)

Nothing at all against OpenBSD, it is great, but do you have something of substance against FreeBSD? Why specifically do you think basing pfsense on FreeBSD is a negative? I may be reading too much into your comment.

Re: Okay (Score: 2, Interesting)

by on 2014-04-25 18:07 (#168)

FreeBSD just started to implement mitigations that have been standard in OpenBSD for years. For example, ASLR or SSP: the last time I checked was 2013, and FreeBSD still lacked these very simple mitigations that are even available in Windows by now. This is just utterly ridiculous.

They're just sloppy in terms of security and they also accept horrible patches just because there is some performance benefit. OpenBSD plays on an entirely different level and is my only choice for infrastructure as critical as routers.

