[plug] Safely using an untrusted router
justanothergreenguy at gmail.com
Tue Oct 20 05:17:46 UTC 2015
Oops, my error, I think I'm already using PPPoE. But don't you lose the
firewall of NAT (re unsolicited traffic) in pass-through mode? ...and a
MITM in the modem could still play funny games if your traffic isn't
encrypted from your computer.

Am I wrong in thinking a VPN (set up on the PC, not in the router) would
offer far greater security through an (any) untrusted router? I mean,
isn't that what is recommended for people logging into their corporate
network remotely (say from a hotel, etc)...?

As far as I know, the RPi incorporated the GPU driver with the OS in the
one big blob that goes on the SD card. As such, you can verify the
integrity of everything volatile / rewriteable before using it, with a
simple MD5 checksum across the whole SD device. ...but I may be mistaken :)

Btw, they should make modem routers (and USB controllers, motherboards,
hard drives, etc) with non-volatile firmware, or firmware inserted
via microSD card, so it can be replaced and verified, according to known
checksums. Am I the only one who would pay for this? Anyway, I digress.

On Tuesday, 20 October 2015, Brad Campbell <brad at fnarfbargle.com> wrote:
> On 20/10/15 11:47, Dirk wrote:
>> I might have to look into using a modem in pass-through mode, and
>> hopefully my ISP can enable the PPPoE at their end.
> Is your router currently configured for pppoe or pppoa?
>> Does your Billion modem have any firmware that can be updated or
>> compromised (i.e. wouldn't solve my issue), or is it all hardware?
> All modems/routers have firmware that can be updated and compromised. By
> using the modem in passthrough mode it'd have to be modifying the ppp
> encapsulated packets on the fly. Not impossible, but a bit more complex
> than just re-routing IP packets using the kernel's filtering infrastructure.
> There hasn't been a 'hardware only' modem in 30 years.
>> Btw, I'm considering using a Raspberry Pi (not sure how secure Raspbian
>> is though), to get around the possibility of BIOS malware in my PC, as I
>> can verify the integrity of the Pi's 'firmware' by rewriting the OS onto
>> a small SD card each time I need to access important online accounts.
> How can you verify the integrity of the PI? I thought it had some binary
> blob drivers for the GPU. That's no more secure than the BIOS in your PC.
> PLUG discussion list: plug at plug.org.au
> Committee e-mail: committee at plug.org.au
> PLUG Membership: http://www.plug.org.au/membership
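
Added example (not part of the original thread): one way to do the SD card check discussed above, comparing the card against the image it was written from. A hash across the whole device will not equal the image's hash when the card is larger than the image, so only the first size-of-image bytes are hashed. Assumptions: SHA-256 is used in place of MD5, the function names and the optional published-checksum argument are hypothetical, and the check is run straight after writing, because booting from the card writes to it.

```shell
#!/bin/sh
# Added example: verify that an SD card holds exactly the image written to it.
# Function names are hypothetical; SHA-256 replaces the MD5 mentioned in the thread.

# hash_prefix FILE NBYTES: SHA-256 of the first NBYTES bytes of a file or device.
hash_prefix() {
    head -c "$2" "$1" | sha256sum | cut -d' ' -f1
}

# verify_card IMAGE DEVICE [EXPECTED_SHA256]
# Returns 0 only if IMAGE matches the published hash (when one is supplied)
# and the first size-of-image bytes of DEVICE are identical to IMAGE.
verify_card() {
    image=$1
    device=$2
    expected=${3:-}
    size=$(wc -c < "$image" | tr -d ' ')
    image_hash=$(hash_prefix "$image" "$size")

    # Step 1: the downloaded image itself must match the known checksum.
    if [ -n "$expected" ] && [ "$image_hash" != "$expected" ]; then
        echo "image does not match the published checksum" >&2
        return 1
    fi

    # Step 2: read back only as many bytes as the image contains; anything
    # beyond that on the card is unrelated leftover space.
    card_hash=$(hash_prefix "$device" "$size")
    if [ "$card_hash" != "$image_hash" ]; then
        echo "card differs from image within the first $size bytes" >&2
        return 1
    fi
    echo "OK $image_hash"
}

# Stand-alone use: sh verify.sh IMAGE DEVICE [EXPECTED_SHA256]
if [ "$#" -ge 2 ]; then
    verify_card "$@"
fi
```

The read-back goes through the same PC and card reader that wrote the card, so this confirms the write, not the trustworthiness of that machine.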