| 1 |
On Monday 08 January 2007 09:53, Dan <dan@×××××××××.cx> wrote about 'Re: |
| 2 |
[gentoo-user] [OT] Router for ssh tunnel/SOCKS proxy': |
| 3 |
> I am not sure what you mean by this, but I do hope you'll consider |
| 4 |
> using a normal commodity PC as your router. |
| 5 |
|
| 6 |
He's already got a home router. Some Netgear model (see below). |
| 7 |
|
| 8 |
If the only thing your network is accessing the Internet, then a PC can |
| 9 |
work as a router effectively. However, if you want to take advantage of |
| 10 |
gigabit speeds (or more than a dozen 100mbit ports) you'll definitely want |
| 11 |
a dedicated solution -- the PCI bus just can't keep up. Maybe there's a |
| 12 |
solution in PCIe or PCI-X, since they do increase bandwidth, but I've yet |
| 13 |
to see a standard PC configured to handle that much bandwidth. |
| 14 |
|
| 15 |
> are you sure you want the internet traffic to go through the wifi |
| 16 |
> provider's ISP, through the worldwide web (tracepath gives routes that |
| 17 |
> you may find surprising for traffic in the neighborhood will often go |
| 18 |
> accross the nation for me), back through your home ISP, and into your |
| 19 |
> home network, then back again through your home ISP and back into the |
| 20 |
> world to the computer whose website you are attempting to browse? That's |
| 21 |
> a pretty convoluted trip. |
| 22 |
|
| 23 |
Well, by making that trip he does prevent attempts to sniff his data by the |
| 24 |
wifi provider (or when using non-secure wifi, anyone within range of his |
| 25 |
transmission). It sounds like he's setting up a ssh tunnel from a trusted |
| 26 |
system (his laptop) to another trusted system (his router) so his |
| 27 |
(plaintext) data can't be intercepted. (It could be intercepted as |
| 28 |
ciphertext but there's no good attacks against as ssh tunnel.) |
| 29 |
|
| 30 |
Note that SSL/TLS traffic doesn't gain any security by going though the |
| 31 |
tunnel and unencrypted traffic can still be sniffed on it's way between |
| 32 |
the trusted router and the server. |
| 33 |
|
| 34 |
-- |
| 35 |
"If there's one thing we've established over the years, |
| 36 |
it's that the vast majority of our users don't have the slightest |
| 37 |
clue what's best for them in terms of package stability." |
| 38 |
-- Gentoo Developer Ciaran McCreesh |
Archives