On Wed, 29 Mar 2017 04:52:08 -0700, Jorge Almeida <jjalmeida@×××××.com> wrote:

> On Wed, Mar 29, 2017 at 12:45 AM, Neil Bothwick <neil@××××××××××.uk>
> wrote:
> > On Tue, 28 Mar 2017 22:52:25 -0700, Jorge Almeida wrote:
> >
> > It's more a privacy issue than security for me. I have a similar
> > setup with a virgin cable router, which I set to what they call
> > modem mode, where only one of the ports works and connects to my
> > router. The one time I ran tech support they were able to see that
> > I was using it this way and even reset the modem for me. I suppose
> > it makes life easier for them and their typical customers, but it
> > was a little unnerving.
> >
> The ISP provided router is officially managed (whatever this means) by
> them. As to privacy, I know a packet is visible once it leaves the
> router via WAN port. What I worry a bit is about the possibility of
> foul play towards the home network. The computers are firewalled via
> iptables, but accept connections from 192.168.... What prevents a
> hacked router from impersonating a local origin?

Block packets originating from the router MAC address and that don't
belong to a known connection. Then deploy a managed switch that can do
MAC address filtering so it allows only the one MAC address on the
router port. This should be safe enough. It would be difficult to get
around such a setup. To be even more safe, use VLAN and exclude all
your computers from the management port.

This, however, doesn't prevent tampering with packets on their way
through the router. You could use VPN and place the tunnel endpoints
only on trusted routers. That way, your ISP only relays VPN traffic,
and ensures the transfer networks below are only used for VPN and your
machines accept nothing else.

--
Regards,
Kai

Replies to list-only preferred.
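
The host-side rule from the reply above (drop anything from the router's MAC that is not part of a known connection), written out as an added example that is not part of the original message. The MAC address, the `192.168.0.0/16` subnet and the function names are assumptions; the script only prints an `iptables-restore` ruleset and changes nothing by itself.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a LAN host.
# Rule order matters: replies to our own connections are accepted first,
# then every other frame carrying the router's source MAC is dropped,
# so a spoofed 192.168.x.x source sent by the router never reaches
# the "accept from LAN" rule.

# Return 0 if $1 looks like a colon-separated 48-bit MAC address.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print a filter-table ruleset to stdout.
#   $1 = MAC address of the ISP router's LAN port
#   $2 = LAN subnet allowed to open new connections to this host
gen_rules() {
    router_mac=$1
    lan_net=$2
    valid_mac "$router_mac" || { echo "invalid MAC: $router_mac" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m mac --mac-source $router_mac -j DROP
-A INPUT -s $lan_net -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Stand-alone run: print the ruleset for constructed sample values.
# To load it (as root): gen_rules "$ROUTER_MAC" "$LAN_NET" | iptables-restore
ROUTER_MAC=${ROUTER_MAC:-02:00:00:00:00:01}   # constructed sample MAC
LAN_NET=${LAN_NET:-192.168.0.0/16}            # assumed LAN range
gen_rules "$ROUTER_MAC" "$LAN_NET"
```

iptables does not filter ARP, and these rules do nothing about traffic altered in transit through the router, which is what the VPN suggestion in the reply addresses.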