Comment 16E Re: Okay

Story

Netgear Hides Router Backdoor Instead of Fixing It

Preview

Okay (Score: 2, Interesting)

by Anonymous Coward on 2014-04-23 14:41 (#15D)

this is indeed deliberate, maybe on NSA order? As a consequence Netgear, Cisco, Linksys and the other US network gear suppliers should be avoided as home and in enterprise equipment from now on

Re: Okay (Score: 1)

by songofthepogo@pipedot.org on 2014-04-23 15:26 (#15E)

Time to look into open-source firmware. Replacing oem with, eg, dd-wrt would mitigate this sort of thing, wouldn't it? I'm honestly asking.

Re: Okay (Score: 3, Informative)

by omoc@pipedot.org on 2014-04-23 17:00 (#15F)

Well, sadly most Linux distributions tend to *not activate* some exploit mitigation. I don't know about the Linux router firmwares but last time I checked they even used some old kernel versions that didn't even had some of these mitigations. Personally I use an OpenBSD on an old ALIX board for a long time. Too bad pfsense is based on FreeBSD instead of OpenBSD, otherwise it would be an ideal candidate.

For hardware, I would recommend either the ALIX boards http://www.pcengines.ch/ (there is a new APU model) or Mikrotik routerboards http://routerboard.com/

Re: Okay (Score: 1, Interesting)

by Anonymous Coward on 2014-04-26 11:15 (#16E)

Yeah, Alix boards are nice if you're handling traffic from 2000. Most of those boards cannot route my home internet connection traffic, let alone serious workloads. And serious workloads often need other stuff like proper link aggregation, and multiple default routes (all of these exist in OpenBSD now, but several years after FreeBSD). And for "serious workloads", pf was a limiting factor until recently, because of lack of SMP support.

I have an Alix board I never used for anything. An atom board with 2xGigE has >10x the same routing capacity, and its not much more expensive than an Alix. It will draw more power, sure, and it takes more space. But at least it can handle my home connection.

Moderation

Time Reason Points Voter
2014-04-26 16:36 Interesting +1 songofthepogo@pipedot.org

Junk Status

Marked as [Not Junk] by evilviper@pipedot.org on 2015-01-04 19:15