On 9/5/2013 7:57 AM, Jim Pingle wrote:
On 9/4/2013 8:33 PM, Robert Guerra wrote:
Curious on people's comments on types of routers, firewalls and other
appliances that might be affected as well as mitigation strategies. Would
installing a pfsense and/or other open source firewall be helpful in anyway at
a home net location?
The text you sent seems to primarily focus on infrastructure routers --
those used at ISPs, peering points, etc. Home routers are a different
breed, but suffer the same or more problems.
Aside from the example Chris gave, here's another good one from earlier
this year:
http://securityevaluators.com/content/case-studies/routers/soho_service_hacks.jsp
But it doesn't matter if the vendors issue a patch, people actually have
to install the update to fix it, and odds are high that typical end
users have no idea that is even possible or something they have to do.
Jim
Its not like this is new or anything:
http://security.sdsc.edu/self-help/alcatel/alcatel-bugs.html
(non fixable backdoor in Alcatel DSL modems) 1999. Alcatel, when
pressured by the Bell companies, sold off the DSL business unit.
It was estimated that Alcatel lost an estimated 1-2 billion dollars,
when AT&T threatened to stop using them, because the refused to fix the bug.
http://connectedplanetonline.com/news/telecom_alcatel_unloads_dsl/
From $80/share to $2/share.
If Alcatel had released a patch, the ILECs could have send a update over
the ATM/DSLAM to the devices to upgrade the code, so,
someone didn't *want* to upgrade those devices.
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
