Oops, I meant to send this to the mailing list...<div><br><br>On Tuesday, 20 October 2015, Dirk <<a href="mailto:justanothergreenguy@gmail.com">justanothergreenguy@gmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Thanks Brad, for your quick response!<div><br></div><div>I only use a wired modem router (with only one device attached being my PC) when I need to access important online accounts (e.g. Gmail, govt depts, etc), so am not concerned with slow speeds and greater latency.</div><div><br></div>My local network is therefore pretty simple: just my PC and the wired modem router.<br><div><br></div><div>All my general browsing is done with a different computer, old phone, or tablet on a separate wifi modem router. I turn off the wireless router, and swap the RJ11 over, before using the wired router, and vice versa.</div><div><br></div><div>I might have to look into using a modem in pass-through mode, and hopefully my ISP can enable the PPPoE at their end.</div><div><br></div><div>Does your Billion modem have any firmware that can be updated or compromised (i.e. wouldn't solve my issue), or is it all hardware?</div><div><br></div><div>Btw, I'm considering using a Raspberry Pi (not sure how secure Raspbian is though), to get around the possibility of BIOS malware in my PC, as I can verify the integrity of the Pi's 'firmware' by rewriting the OS onto a small SD card each time I need to access important online accounts.</div><div><br></div><div>Cheers, Dirk</div><div><br></div><div><br><br>On Tuesday, 20 October 2015, Brad Campbell <<a href="javascript:_e(%7B%7D,'cvml','brad@fnarfbargle.com');" target="_blank">brad@fnarfbargle.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 20/10/15 10:51, Dirk wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
G'day fellow PLUG'gers,<br>
<br>
</blockquote>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Anyway, I'm hoping someone knows how to handle an untrusted router, and<br>
whether a VPN tunnel would guarantee a secure connection, whether or not<br>
there are any DNS hijacks/spoofing or any other funny games going on in<br>
the router.<br>
</blockquote>
<br>
I'm often on untrusted networks. I use an openvpn tunnel to either my home system or a co-located box depending on which hemisphere I'm in.<br>
I use the tunnel as my default route, so once it's up all traffic traverses it. This slows down browsing quite a bit as dns lookups are considerably slower however.<br>
<br>
I don't use a "router" at home. Just have a a billion modem in passthrough mode and run pppoe on the server.<br>
<br>
We use a Zimbra server and I run the Zimbra client for mail. I started getting ssl alerts when out and about because the foreign networks were trying to man in the middle my ssl sessions, so I switched to tunneling everything over the vpn.<br>
<br>
I would not say it's 'secure' as such, but it will stop anyone on the same local network segment sniffing traffic and provides an extra layer of 'warm fuzzy' at the expense of speed and latency.<br>
<br>
I think the likelihood of 'BIOS malware' is probably pretty low. I would suggest if you don't trust your local network then you should be doing something about that first rather than trying to work around it.<br>
<br>
<br>
_______________________________________________<br>
PLUG discussion list: <a>plug@plug.org.au</a><br>
<a href="http://lists.plug.org.au/mailman/listinfo/plug" target="_blank">http://lists.plug.org.au/mailman/listinfo/plug</a><br>
Committee e-mail: <a>committee@plug.org.au</a><br>
PLUG Membership: <a href="http://www.plug.org.au/membership" target="_blank">http://www.plug.org.au/membership</a><br>
</blockquote></div>
</blockquote></div>