On Fri, Apr 09, 2004 at 05:56:18PM -0400, sunder wrote:
I've not seen, nor played with any of these, *BUT*, heed this warning which applies to all devices (and software?) that are 1) closed source and 2) offer some useful service which you'd be tempted to place inside your network, 3) are allowed to communicate with the outside world.
I cited those routers as instances of consumer-type cheap VoIP with encryption, which thwarts goverment-mandated tapping by ISPs. Exploiting built-in backdoors or remotely exploitable vulnerabilities is a different threat model. I definitely hope routers with DynDNS/VPN/VoIP and POTS jacks will become more widespread, and use opportunistic encryption as default. I personally am not going to buy the router, as it is lacking functionality and flexibility of a Linux-based firewall. I'm waiting for a passively cooled ~GHz VIA C3 motherboard with two NICs and external fanless power supply to ditch my current proprietary, rather braindead firewall. I've already verified IDE-cf adapters do very nicely, and there are dedicated distros like http://www.nycwireless.net/pebble/ which don't wear down the flash with r/w on /tmp and similiar. Should I stick with Linux (there's /dev/random and VPN support in current kernels for the C3 Padlock engine, right?) with SELinux or try OpenBSD for a firewall type machine with hardware crypto support? -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature]