[plug] Safely using an untrusted router

[Brad Campbell]

On 20/10/15 10:51, Dirk wrote:
> G'day fellow PLUG'gers,
>

> Anyway, I'm hoping someone knows how to handle an untrusted router, and
> whether a VPN tunnel would guarantee a secure connection, whether or not
> there are any DNS hijacks/spoofing or any other funny games going on in
> the router.

I'm often on untrusted networks. I use an openvpn tunnel to either my 
home system or a co-located box depending on which hemisphere I'm in.
I use the tunnel as my default route, so once it's up all traffic 
traverses it. This slows down browsing quite a bit as dns lookups are 
considerably slower however.

I don't use a "router" at home. Just have a a billion modem in 
passthrough mode and run pppoe on the server.

We use a Zimbra server and I run the Zimbra client for mail. I started 
getting ssl alerts when out and about because the foreign networks were 
trying to man in the middle my ssl sessions, so I switched to tunneling 
everything over the vpn.

I would not say it's 'secure' as such, but it will stop anyone on the 
same local network segment sniffing traffic and provides an extra layer 
of 'warm fuzzy' at the expense of speed and latency.

I think the likelihood of 'BIOS malware' is probably pretty low. I would 
suggest if you don't trust your local network then you should be doing 
something about that first rather than trying to work around it.