OT: ADSL safe practices and setting up a home network

Eugen Leitl eugen at leitl.org
Fri Apr 14 15:08:53 UTC 2006


On Fri, Apr 14, 2006 at 09:47:05AM -0500, Mike McCarty wrote:

> >No snooping if you lock it down.
> 
> I don't know what you mean by "lock it down", as that has no

You could use a VPN over a WLAN, for instance. You could
firewall off the LAN part, and just run the AP in the untrusted DMZ.
You could run it open or stealth the SSID, lock down by
MAC, use the newer crypto protocols, etc.

> technical definition. I don't have any machines which have
> a wireless card/builtin, and have no desire to get any. The

It's too bad, these things are handy. I run an open AP
for anybody who cares to pass by, and I in turn expect
to be able to use open APs of other people.

> wireless router was on sale, so I got it. I didn't get it
> to use it as a router, but as a firewall. I only keep one
> machine plugged into it. I'd prefer not to have a wireless
> router at all.

Speaking about consumer firewall bashing -- most of them
are truly broken. However, for those of them which are based
on Linux there's always a chance of using an alternative firmware
<http://en.wikipedia.org/wiki/OpenWRT> etc. or rolling your own
router/firewall from scratch, using a system from Soekris
http://www.soekris.com/ or a wrap system from
PCEngines http://pcengines.ch/ and flashing them with
m0n0wall http://m0n0.ch/wall/ or pfsense http://pfsense.org/

This will get you the functionality of a Netscreen 5GT
for a lot cheaper (you'd save a kilobuck, as a m0n0 wrap
goes for distinctly under 200 EUR).

There is absolutely no point in using an ASIC-based firewall
(which the Juniper Netscreen is *not*, you have to shell out
a lot more than the 1.2 k$ it costs) on a domestic broadband
connection (the m0n0 wrap handles 50 MBit/s symmetrical just
fine). With a crypto accelerator board like http://soekris.com/vpn1401.htm
you get good VPN performance, too.
 
> Disabling the RF part relies on the firmware and hardware both
> to be correct. Removing the antenna relies on nothing.

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE