Andrew McGlashan <[email protected]> writes:

> for instance a box running ROOTer [1] (a version of DD-WRT) [...] I am
> of the view that the public IP (or carrier grade NAT IP), should not
> be public facing directly on equipment that /may/ have any kind of
> vulnerable component [...] Linux.

Um, DD-WRT isn't a magically invincible Linux distro just because it
targets embedded systems.  I have no cite, but ISTR hearing about the
DD-WRT developers releasing a stable release that allowed full admin
access by default from one of their for-profit customers' IP addresses.

And their response was "oh that was a mistake, but it's totally fine to
keep running it, because I happen to know that address isn't in use at
the moment."

That said, if you have >1 host it's reasonable to put them all behind a
single bastion.

_______________________________________________
luv-main mailing list
[email protected]
http://lists.luv.asn.au/listinfo/luv-main
