[rescue] Good SOHO router for ASDL? (was: what is this traffic?)
Jonathan Patschke
jp at celestrion.net
Wed Nov 4 17:06:51 CST 2015
On Wed, 4 Nov 2015, J. Alexander Jacocks wrote:
> How do you all feel about running unsupported (i.e. vendor no longer
> provides updates) hardware, even of good quality, on Internet-connected
> networks? I had an older (admittedly consumer-grade) firewall
> penetrated no too long ago, and it has made me unwilling to run any
> firewall that is not actively patched. So, pfSense is my choice, at the
> moment.
I've run OpenBSD on a small computer (either SPARC or amd64) as an
endpoint for over a decade because I can use OpenVPN, run my own caching
nameserver (that returns proper NXDOMAIN records instead of an ISP
spamvertisement A-record), and do a variety of "network" things with it.
Consumer gear running OEM firmware is, IMO, a liability. Every big name
has had an exploit or back-door they've been slow to patch. A lack of
ongoing support just makes it worse.
Low-power hardware is cheap, and pf is very easy to configure. Unless
there's a consumer-level feature you need (UPnP, WPS, etc.), why use
anything else?
--
Jonathan Patschke | "Right now, computers, which are supposed to be our
Elgin, TX | servant, are oppressing us."
USA | -- Jef Raskin
More information about the rescue
mailing list