funsec mailing list archives

Routers


From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca>
Date: Sun, 27 Nov 2005 06:40:09 -0800

Date sent:              Sat, 26 Nov 2005 09:57:33 -0700 (MST)
From:                   "Dr. Neal Krawetz" <hf () hackerfactor com>

On Fri Nov 25 15:14:33 2005, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:
Can I piggyback on that?

Sure!

:-)

Thank you, everyone who responded and *particularly* Neal, for the advice.  (For 
those who have *not* yet responded, due to US Thanksgiving, unless the list gets 
really interested in this, it might be best to send thoughts/recommendations to me, 
rather than the list.  I'm off now, to teach in Kansas City this week, and Norfolk 
VA starting Dec. 3, if anyone's in the area(s) and wants to get together.  Email will 
collect, and may occasionally be seen, on this account, but 
rslade () computercrime org might be more reachable while I'm away.)

  - Disable UPnP (I hate this protocol)

Interesting.  I don't think I've got anything net-connected that requires it.  Might 
one ask why the hatred?  (And also how to disable, if non-obvious?)

(I believe the person who originally wrote it is on this list, and has an interesting 
story regarding its creation, and subsequent implementation.)

Since I don't know you, I cannot make a recommendation for you.

Well, you've provided *great* info so far!  (Which I will read in detail later when I 
get the chance.)

Basically, I've got a home system, now trying to turn into a LAN (me and the 
missus, plus the laptop I have to take on the road, behind the router, and trying to 
avoid the issue that I can't connect to the LAN and the ISP at the same time 
[have to change the TCP/IP properties to "192.168" addresses individually, and 
then back to "auto-get-IP-address" when I want to get on the Internet again] plus 
get some firewall protection) with a router to "hide" what I'm doing from the ISP.  
(Hence the need for a NAT, I'm thinking.  But I could be wrong.)  I know data 
comm basics cold, but from the old days when the Internet was just an interesting 
tool.  I know the TCP/IP protocols in a basic way, but I've never run a firewall, 
and would like to learn a little bit, without having to become an expert in order to 
get it to run.  I'm running XP, mostly from laziness (since I figure I can run the 
PowerPoint presentations on OpenOffice now, if I really had to).  Have had a 
copy of W2K3 for over a year now that I've been meaning to install on the 
desktop machine, but who has the time .... ?

But I can suggest that you look at D-Link or SMC.
I'm very fond of the SMC Barricade series, and so far, the D-Link DI-604
seems very good.  (Give me a week and I'll let you know if my opinion
changes for the D-Link.)

As for wireless...  I suggest you buy three routers: two wired and
one wireless.  (In the US, the cost is less than $70 at Circuit Shitty
and Office Max.  Office Max has the DI-604 for $10 after rebate.)
  Internet -> wired #1 -> wired #2 -> LAN
  Internet -> wired #1 -> wireless -> WiFi network
Basically, this gives you a DMZ.
Wired connections keep their high throughput, without being slowed by
the wireless router.
Any wireless compromises do not get into the LAN.

Ideally, you want different brands for wired #1 and #2.
This way, a compromise to one does not get through the other.

I'm right now seeing if the D-Link's "LAN-LAN" ruleset can keep the
wireless out of the LAN without needing "wired #2".  This is looking
very good.  (I lose the DMZ, but keep the security from the WiFi.  I
want to move the wireless router out of the cage next week, so it reaches
the whole house.)

If your max throughput is 3Mb or less (dialup, DSL, etc.) then you
can get away with:
  Internet -> wireless -> wired -> LAN
You won't notice the slowness from the wireless router.

     -Neal
--
Neal Krawetz, Ph.D.
Hacker Factor Solutions
http://www.hackerfactor.com/




======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca      slade () victoria tc ca      rslade () sun soci niu edu
The world cannot continue to wage war like physical giants and
seek peace like intellectual pygmies.               - Basil O'Connor
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

