funsec mailing list archives
Routers
From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca>
Date: Sun, 27 Nov 2005 06:40:09 -0800
Date sent: Sat, 26 Nov 2005 09:57:33 -0700 (MST)
From: "Dr. Neal Krawetz" <hf () hackerfactor com>

On Fri Nov 25 15:14:33 2005, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:
Can I piggyback on that?

Sure!
:-) Thank you, everyone who responded and *particularly* Neal, for the advice. (For those who have *not* yet responded, due to US Thanksgiving, unless the list gets really interested in this, it might be best to send thoughts/recommendations to me, rather than the list. I'm off now, to teach in Kansas City this week, and Norfolk VA starting Dec. 3, if anyone's in the area(s) and wants to get together. Email will collect, and may occasionally be seen, on this account, but rslade () computercrime org might be more reachable while I'm away.)
- Disable UPnP (I hate this protocol)
Interesting. I don't think I've got anything net-connected that requires it. Might one ask why the hatred? (And also how to disable, if non-obvious?) (I believe the person who originally wrote it is on this list, and has an interesting story regarding its creation, and subsequent implementation.)
Since I don't know you, I cannot make a recommendation for you.
Well, you've provided *great* info so far! (Which I will read in detail later when I get the chance.) Basically, I've got a home system, now trying to turn into a LAN (me and the missus, plus the laptop I have to take on the road, behind the router, and trying to avoid the issue that I can't connect to the LAN and the ISP at the same time [have to change the TCP/IP properties to "192.168" addresses individually, and then back to "auto-get-IP-address" when I want to get on the Internet again] plus get some firewall protection) with a router to "hide" what I'm doing from the ISP. (Hence the need for a NAT, I'm thinking. But I could be wrong.) I know data comm basics cold, but from the old days when the Internet was just an interesting tool. I know the TCP/IP protocols in a basic way, but I've never run a firewall, and would like to learn a little bit, without having to become an expert in order to get it to run. I'm running XP, mostly from laziness (since I figure I can run the PowerPoint presentations on OpenOffice now, if I really had to). Have had a copy of W2K3 for over a year now that I've been meaning to install on the desktop machine, but who has the time .... ?
But I can suggest that you look at D-Link or SMC. I'm very fond of the SMC Barricade series, and so far, the D-Link DI-604 seems very good. (Give me a week and I'll let you know if my opinion changes for the D-Link.)

As for wireless... I suggest you buy three routers: two wired and one wireless. (In the US, the cost is less than $70 at Circuit Shitty and Office Max. Office Max has the DI-604 for $10 after rebate.)

Internet -> wired #1 -> wired #2 -> LAN
Internet -> wired #1 -> wireless -> WiFi network

Basically, this gives you a DMZ. Wired connections keep their high throughput, without being slowed by the wireless router. Any wireless compromises do not get into the LAN. Ideally, you want different brands for wired #1 and #2. This way, a compromise to one does not get through the other.

I'm right now seeing if the D-Link's "LAN-LAN" ruleset can keep the wireless out of the LAN without needing "wired #2". This is looking very good. (I lose the DMZ, but keep the security from the WiFi. I want to move the wireless router out of the cage next week, so it reaches the whole house.)

If your max throughput is 3Mb or less (dialup, DSL, etc.) then you can get away with:

Internet -> wireless -> wired -> LAN

You won't notice the slowness from the wireless router.

-Neal
--
Neal Krawetz, Ph.D.
Hacker Factor Solutions
http://www.hackerfactor.com/
====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () sun soci niu edu
The world cannot continue to wage war like physical giants and seek peace like intellectual pygmies. - Basil O'Connor
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
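An added example, not part of the original message and not code from either poster: a small reachability model of the router layouts quoted above, showing which segments can open new connections into which others. The segment and router names and the `compromised` parameter are illustrative, and the forwarding rule (a NAT router with UPnP off and no port forwards passes new connections only from its LAN side to its WAN side) is an assumption of the model.

```python
from collections import deque

# Each router: (name, wan_segment, lan_segment). Assumption: a stock NAT router
# with UPnP off and no port forwards passes new connections LAN -> WAN only.
THREE_ROUTER = [
    ("wired1", "internet", "dmz"),
    ("wired2", "dmz", "lan"),
    ("wireless", "dmz", "wifi"),
]
TWO_ROUTER = [  # Internet -> wireless -> wired -> LAN
    ("wireless", "internet", "wifi"),
    ("wired", "wifi", "lan"),
]

def reachable(routers, src, compromised=()):
    """Segments that a host on `src` can open new connections into."""
    seen, queue = {src}, deque([src])
    while queue:
        seg = queue.popleft()
        for name, wan, lan in routers:
            hops = []
            if seg == lan:
                hops.append(wan)        # normal outbound NAT
            if seg == wan and name in compromised:
                hops.append(lan)        # modelled failure: router forwards inbound
            for nxt in hops:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
    return seen - {src}

def report(label, routers):
    print(label)
    for src in ("internet", "wifi", "lan"):
        print(f"  {src:8} -> {sorted(reachable(routers, src))}")

if __name__ == "__main__":
    report("three routers", THREE_ROUTER)
    report("two routers", TWO_ROUTER)
    # One failed device still leaves a second router in front of the LAN.
    print(sorted(reachable(THREE_ROUTER, "internet", compromised={"wired1"})))
```

In both layouts the WiFi segment can reach outward but never into the LAN, and in the three-router layout a failure of wired #1 alone exposes only the DMZ segment.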