Stories
Slash Boxes
Comments

SoylentNews is people

posted by n1 on Thursday November 12 2015, @11:48AM   Printer-friendly
from the air-gap-the-router dept.

A hacked/compromised router is the worst thing that can happen to computer users.

Any computing device (smartphone, tablet, laptop, desktop, refrigerator) sitting behind a compromised router can be attacked in every known way.

Needless to say, a router can be used for spying, not just on normally insecure communications but its also a perfect host for man-in-the-middle attacks on supposedly secure communication (SSL/TLS/HTTPS).

Compromised routers can send victims to scam versions of websites, a great way to collect passwords. In August, Jeff Atwood wrote about two people whose routers were hacked. One router modified web pages to show extra ads, another tricked a victim into installing a hacked version of the Chrome browser. And, of course, a router can be used to install malware on computers too. Did your last Flash update really come from Adobe? How would you know?


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by SanityCheck on Thursday November 12 2015, @06:49PM

    by SanityCheck (5190) on Thursday November 12 2015, @06:49PM (#262288)

    I am looking at this solution every time one of my routers dies, but I usually am too busy to even begin it and u need a router right away. I would be interested in a lot more information about your implementation.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 5, Informative) by tempest on Thursday November 12 2015, @08:01PM

    by tempest (3050) on Thursday November 12 2015, @08:01PM (#262322)

    Previously I had a Soekris box which only used as much power as a consumer router, but had too many issues with it. Similar low power devices exist, but I haven't looked. So now I just use a low profile dell optiplex. It's fast, so easy to update, with enough resources to grow into other functions, and will die long before FreeBSD can't on it (I'd guess 30 years from now). i3 processor / 4gb ram / ssd with ZFS . I had the ssd laying around, and an extra stick of ram. This setup can get pricy for what it is, but it's a matter of longevity vs parts you may have access to already. I seriously don't need an SSD, but it saves power, 1Gb ram is plenty.

    Networking, I use the existing on-board chip set for outgoing networking to the internet, since performance isn't a big deal there. I put in a 4 port Intel networking card. Because it's auto sensing, you don't need crossover cables. I've got an open PCIe slot which I could go with more ports or wireless. Another weird use is that I use it to charge my USB crap because it's in a convenient location for that :)

    This uses much more power when turned on: 25w vs 12w. At 10:30pm it starts watching to see if all my stuff is actually on (PS3, PC, whatever). If not, it turns itself off. In the BIOS it's configured to turn itself on at 5:30pm, about 15 minutes before I get home from work.

    Software is basic: PF for firewall, isc-dhcp to hand out addresses, unbound for DNS. It also does NTP / rsync for file transfers. PFsense can do all this for you though (OS included), it's just that I prefer to manually maintain it. If you have a junk computer laying around, I'd give it a try, even if you don't have all the parts (network cards etc). The flexibility can really make up for the cost in my opinion. Use OpenVPN for remote network access, or set up an encrypted socks proxy to a VPS elsewhere on the internet. Lots of cool stuff you can do.

    • (Score: 2) by SanityCheck on Thursday November 12 2015, @08:25PM

      by SanityCheck (5190) on Thursday November 12 2015, @08:25PM (#262336)

      I would probably buy all new parts because anything I have lying around is gonna use 100W. And I definitely get why it's worth it to pay more for this setup, because if something breaks you can replace one part, not the whole thing. As is the consumer-grade shit dies in about 18 months, regardless of who makes it, and how many 5 star reviews it had on amazon. I woudl difinitely get VPN service on the box :) That would be super cool.

      • (Score: 1) by josh64 on Thursday November 12 2015, @09:39PM

        by josh64 (4204) on Thursday November 12 2015, @09:39PM (#262374)

        I'm in the same boat as you, and I've been keeping an eye on these http://www.pcengines.ch/ [pcengines.ch] - in particular the APU. I'm just waiting for the new APU with the AMD Jaguars to come out of testing.
        The price seems really reasonable for the features and performance.

  • (Score: 2) by PartTimeZombie on Friday November 13 2015, @02:40AM

    by PartTimeZombie (4827) on Friday November 13 2015, @02:40AM (#262468)

    I have a Linux solution, ClearOS running on an old Dell machine I already had. It does a lot more than just routing, but is a much better option than the ISP supplied VDSL router supplied to me.
    That just sits in bridge mode.