On Fri, Aug 15, 2014 at 11:39 PM, Scott Bonds <sc...@ggr.com> wrote: > [...] > Perhaps I should separate the router and 'everything else' > roles, so that the router only has builtin OpenBSD software on it, no > packages.
Strongly encourage you to get a separate box to run the router and firewall on. (Ted, if you read this, do you run firewall on Beagle Boards?) > Then again, whatever the exploit, they could probably still > use it on the newly separated 'everything else' box. Anyway, I clearly > have a lot to learn about security. Actually, many of the exploits will hit high enough speed bumps getting through the router/firewall, if you set it up right, that the exploit would not succeed in dropping actual rootkit. Not to say you don't need something to watch for rootkits, as well, but combining functions makes for a weaker system. -- Joel Rees Be careful where you see conspiracy. Look first in your own heart.