VPN VoIP

Eugen Leitl eugen at leitl.org
Sat Apr 10 10:12:25 PDT 2004


On Fri, Apr 09, 2004 at 05:56:18PM -0400, sunder wrote:

> I've not seen, nor played with any of these, *BUT*, heed this warning
> which applies to all devices (and software?) that are 1) closed source and
> 2) offer some useful service which you'd be tempted to place inside your
> network, 3) are allowed to communicate with the outside world.

I cited those routers as instances of consumer-type cheap VoIP with
encryption, which thwarts government-mandated tapping by ISPs. Exploiting
built-in backdoors or remotely exploitable vulnerabilities is a different
threat model. I definitely hope routers with DynDNS/VPN/VoIP and POTS jacks
will become more widespread, and use opportunistic encryption as default.

I personally am not going to buy the router, as it is lacking the functionality
and flexibility of a Linux-based firewall.

I'm waiting for a passively cooled ~GHz VIA C3 motherboard with two NICs and
external fanless power supply to ditch my current proprietary, rather
braindead firewall. I've already verified IDE-cf adapters do very nicely, and
there are dedicated distros like http://www.nycwireless.net/pebble/ which
don't wear down the flash with r/w on /tmp and similar.

Should I stick with Linux (there's /dev/random and VPN support in current
kernels for the C3 Padlock engine, right?) with SELinux or try OpenBSD for a
firewall type machine with hardware crypto support?

--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net
