[plug] Safely using an untrusted router

Dirk justanothergreenguy at gmail.com
Wed Oct 21 10:27:13 UTC 2015

Thanks Andrew.  Will follow up on those ideas too, thanks.

However, I have another idea, a bit left field, but it may just do the

Does anyone know whether 4G modems (and smart phones, for that matter) are
assigned a publicly-routable IP address or are they typically NAT'd behind
a small number of IP addresses of the mobile service provider's servers?  I
can't imagine billions(?) of mobile phones all having unique
publicly-routable IP addresses (on top of all the servers and so on, around
the world).

If they're NAT'd, then maybe a pre-paid 4G USB modem dongle would be the
way to go for low MB critical online work, e.g. fetching package lists,
logging in to ASIC, ATO, webmail, our utilities, etc.  Should block
all scanners on the net that are looking for routers to exploit, by virtue
of sitting behind the Svc provider's routers.  (...and then use an unsecured
computer and ADSL router pair for general web browsing, content streaming,

Does anyone know if this would work?

(Of course, if a 4G dongle is not NAT'd then I don't really gain anything).

On Wednesday, 21 October 2015, Andrew Cooks <acooks at gmail.com> wrote:

> On Wed, Oct 21, 2015 at 9:43 AM, Dirk <justanothergreenguy at gmail.com> wrote:
>> Cheers for that Pavel.  And thanks again Brad for your input.  You've
>> both given me some ideas, although I was hoping for an easy OpenVPN option
>> :)
>> If anyone else has any thoughts or suggestions, please let me know!
> My internet access is slow enough, so I'm not really excited about
> pushing everything through a VPN.
> I trust my router. I have a TP-Link TD-8817 modem in bridge mode,
> connected to a fit-pc (http://www.fit-pc.com/web/solutions/multilan/)
> running IPFire (http://www.ipfire.org/). IPFire tells me I can trust my
> DNS. IPFire packages are kept up to date. The modem could conceivably
> modify the PPPoE frames in transit, except that it's a dirt cheap consumer
> product with little functionality that could be exploitable and it's
> unlikely to have enough processing power to do that kind of thing.
> There is nowhere safe, only acceptable risks.
> a.
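
Added example, not part of the original thread: one way to check the question asked above, by classifying the address the carrier assigns to the modem's WAN interface (RFC 1918 private, RFC 6598 carrier-grade NAT, or public) and comparing it with the address a remote host sees. The function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(addr):
    """Label one address: 'cgnat', 'private', 'public' or 'other'."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4 and ip in CGNAT:
        return "cgnat"
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "private"
    return "public" if ip.is_global else "other"


def nat_verdict(wan_addr, observed_addr=None):
    """Decide whether the modem's WAN interface sits behind carrier NAT.

    wan_addr:      address the carrier assigned to the modem interface
    observed_addr: source address a remote host sees for the same link
                   (obtained separately; nothing is fetched here)
    """
    kind = classify(wan_addr)
    if kind in ("cgnat", "private"):
        return "carrier-nat"      # interface address is not internet-routable
    if kind != "public":
        return "unknown"          # loopback, link-local, reserved, ...
    if observed_addr is None:
        return "direct"           # public address on the interface itself
    same = ipaddress.ip_address(wan_addr) == ipaddress.ip_address(observed_addr)
    return "direct" if same else "nat-suspected"


if __name__ == "__main__":
    # Constructed sample pairs: (interface address, externally observed address)
    samples = [("100.72.13.5", "8.8.4.4"),
               ("10.23.4.9", None),
               ("8.8.8.8", "8.8.8.8"),
               ("8.8.8.8", "8.8.4.4")]
    for wan, seen in samples:
        print(wan, seen, classify(wan), nat_verdict(wan, seen))
```

A "carrier-nat" verdict only covers unsolicited inbound connections to the modem's address; a "direct" verdict says nothing about whether the carrier filters inbound traffic.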