[aklug] Re: hardware for super cheap (but small) linux router?

From: Arthur Corliss <acorliss@nevaeh-linux.org>
Date: Tue Jun 12 2012 - 23:07:50 AKDT

On 06/12/2012 03:33 PM, Jim Courtney wrote:
>
> I have iptables rules that keep things as secure as having two NIC's. No
> problems so far, after having this setup at home for about 13 years and
> getting continuous hack attempts.

... I think my brain just blew a fuse.

As a general rule this is a horrible idea. In this case the modem you're
making a PPPoE connection to provides a limited bulwark against leakage of
internal traffic to the ISP's external network, but you are effectively
compromising chunks of your L2 traffic to the modem itself. Your ISP is
literally sitting on your internal network.

Your firewall rules are commendable, but I get the impression that while
they are giving you the normal protection you'd expect from attackers
external to your ISP, they're not enough to, at a minimum, prevent traffic
leakage directly to your ISP or, at a maximum, prevent your ISP from
attacking your network from your own internal address range (if they so
choose to do so). Your 13 years of no problems is more due to the fact that
your ISP *isn't* out to get you than anything else.

Granted, OTS modem hardware is normally fairly limited in their
capabilities, but that's accidental insurance at best.

The concept you present here is moderately risky on DSL networks in itself,
but if extrapolated to other kinds of connections it would be exceedingly more
dangerous.

I'd have to hit the docs on PPPoE to say definitively, but I would wager
that you'd have a smidge more security if you were to plug everything into a
managed switch that provided VLAN capabilities. Even that, though, would
not be risk free.

         --Arthur Corliss
           Live Free or Die
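[Editor's note: the following is an added example illustrating the managed-switch/VLAN approach Arthur suggests; it is not part of the original thread and is not Arthur's or Jim's configuration. It assumes a Linux router with one NIC (eth0), the DSL modem plugged into a managed switch port that is an access port on VLAN 10, that VLAN tagged towards the router's port, the LAN untagged on eth0, a LAN subnet of 192.168.1.0/24, and the PPPoE session coming up as ppp0. All of those names and numbers are assumptions. The point is that the modem then only ever sees PPPoE frames on its own VLAN, and the router's iptables rules refuse any IP traffic to or from that VLAN, so the modem (and whoever is behind it) is no longer on the internal L2 segment.]

```shell
#!/bin/sh
# Added example, not from the original thread. Assumed names: NIC eth0, modem
# on tagged VLAN 10 (eth0.10), LAN 192.168.1.0/24 untagged on eth0, PPPoE as ppp0.
set -eu

NIC=eth0
MODEM_VID=10
MODEM_IF="${NIC}.${MODEM_VID}"
LAN_NET=192.168.1.0/24
PPP_IF=ppp0

# Emit the iptables rule set as text so it can be reviewed (and tested) without
# root; "rules" below pipes it into sh to apply it.
render_rules() {
    cat <<EOF
# Default deny for traffic to the router and for forwarding.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN hosts may reach the router and go out via the PPPoE link, nothing else.
iptables -A INPUT -i ${NIC} -s ${LAN_NET} -j ACCEPT
iptables -A FORWARD -i ${NIC} -o ${PPP_IF} -s ${LAN_NET} -j ACCEPT
iptables -t nat -A POSTROUTING -o ${PPP_IF} -j MASQUERADE
# No IP at all to or from the modem-facing VLAN. PPPoE itself is not IP
# (ethertypes 0x8863/0x8864), so the session is unaffected by these rules.
iptables -A INPUT -i ${MODEM_IF} -j DROP
iptables -A FORWARD -i ${MODEM_IF} -j DROP
iptables -A FORWARD -o ${MODEM_IF} -j DROP
# Anything arriving over the WAN link with an internal source address is spoofed.
iptables -A INPUT -i ${PPP_IF} -s ${LAN_NET} -j DROP
iptables -A FORWARD -i ${PPP_IF} -s ${LAN_NET} -j DROP
EOF
}

# Create the tagged sub-interface the PPPoE client binds to. It gets no IP
# address: the modem VLAN carries PPPoE frames and nothing else.
# The pppd peer file (e.g. /etc/ppp/peers/dsl, assumed path) then names it:
#   plugin pppoe.so eth0.10
configure_vlan() {
    ip link add link "$NIC" name "$MODEM_IF" type vlan id "$MODEM_VID"
    ip link set "$MODEM_IF" up
}

# Check: a short capture on the modem VLAN should show only PPPoE discovery
# and session frames. Any ARP/IP frame here is LAN traffic leaking to the ISP.
# Returns 0 if nothing leaked, 1 otherwise.
verify_no_leak() {
    leaked=$(timeout 10 tcpdump -nn -e -c 5 -i "$MODEM_IF" \
                 'not pppoed and not pppoes' 2>/dev/null | wc -l)
    [ "$leaked" -eq 0 ]
}

case "${1:-}" in
    vlan)   configure_vlan ;;
    show)   render_rules ;;
    rules)  render_rules | sh -e ;;
    verify) verify_no_leak && echo "only PPPoE frames seen on ${MODEM_IF}" ;;
    *)      : ;;   # no argument: only define the functions
esac
```

Run `vlan`, then `rules`, bring up pppd, and finally `verify` while a few LAN hosts are chattering (ARP, mDNS, SMB browsing are the usual offenders). The capture filter uses the `pppoed`/`pppoes` primitives from pcap-filter(7), so anything it prints is by definition non-PPPoE traffic that reached the modem's side of the switch, which is exactly what the single-segment setup in the thread cannot prevent.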
Received on Tue Jun 12 23:08:02 2012

This archive was generated by hypermail 2.1.8 : Tue Jun 12 2012 - 23:08:02 AKDT