I must disagree with the degree of certainty of your conclusion. Alcatel security has little to do with the security of the machine running behind it, since when the Alcatel doesn't get an IP, the machine gets the IP, i.e. the machine, which is where the data is, is vulnerable to internet hazards. Setting up a firewall, and an IDS if you are running a public service, is the only way to enhance the security of your server.

So what if your modem gets hacked? It can't bypass the firewall, because the Linux firewall, when you choose a gateway, should by default define the gateway to be separated from the computers behind it.

a. OK, now let's hypothesize that your modem gets hacked in the Pro mode. Using the above assumption as the reality of the Linux configuration, the modem will in effect be just another computer on the network.

b. Let's now return to the pptp session configuration. If somehow the hacker hacked the modem, he could potentially find a way to piggyback on the pptp session, against which the firewall has no protection. By piggyback I mean that a bug in the modem would allow initiating a telnet session as coming from inside the pppX of your machine, i.e. by not changing anything in the code or adding to it.

Conclusion: you in effect have a lesser degree of security with the pptp session. Also please note that pptp is an encapsulation protocol, and tcp over ppp is not; that is, if you reject all traffic originating from the modem you are safer than when accepting pptp traffic from the modem.

That said, it could be that there is a way to install some sniffer+tcp injection code+packet router inside the modem, but I have my doubts.

NB: I use pptp and have an Alcatel. Why? Lazy + don't care + I pity the guy/girl (let's be politically correct) who would want to hack my P90 machine who can't be sure what time of day it is. I would put it in a senior home, but I don't have the heart.

Tzahi Fadida [EMAIL PROTECTED]
Technion Email: [EMAIL PROTECTED]
My Cool Site: HTTP://WWW.My2Nis.Com

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:linux-il-bounce@;cs.huji.ac.il]On Behalf Of Ira Abramov
> Sent: Sunday, October 20, 2002 12:19 AM
> To: Linux-IL
> Subject: Re: pptp kernel freeze v2
>
> Quoting Robert Wallner, from the post of Sat, 19 Oct:
> > I don't know if you ppl don't already know this, but the so called
> > alcatel "modems" are in fact routers with some features disabled. I
>
> no news, we had the "howto" published on the list a few months back. the
> one thing you forgot to mention is that the "Pro" mode makes it much
> more vulnerable to cracking from the outside, since it gets a real IP
> all of a sudden
>
> another option (if you are rich) is to get an S-Box (www.s-box.com), or
> if you are poor, a 4 port 10/100 hub and pptp router from linksys:
> http://linksys.com/Products/product.asp?grid=23&prid=20
> and other such neat router/packet filter/switch combos that are $45-$80
> on Amazon and other places (search "DSL router"). some of them even have
> IPSEC and can connect you to the Office CP FW-1 based VPN server
>
> in any case, Alcatel, is NOT a very good idea, security-wise
>
> --
> Don Quixote and Abraham Lincoln rolled into one
> Ira Abramov
> http://ira.abramov.org/email/
> This post is encrypted twice with ROT-13
> Documenting or attempting to crack this encryption is illegal