Jon Evans wrote: > While not open source, Mikrotik's RouterOS is pretty sweet. It's free > if you buy their hardware, and they have a $60 5-port gigabit router.
I haven't looked at Mikrotik in a while, but I'm familiar with them. > Their hardware is also great for the money. Routing performance on mine > has been flawless on my heavily used 50Mbit line. Ubiquiti Networks, on the product page for the router I referenced (http://www.ubnt.com/edgemax), links to a couple of head-to-head product comparisons done by some third party testing company. One pits their router against some Cisco model and some Juniper model. The other report compares it against a $400 Mikrotik router. Of course it trounced all of them on bandwidth, packet throughput, and latency, and they boil that down to a packet per dollar metric or some such, to further emphasize the great value you get from their $100 router. I wonder why they matched it up against the $400 Mikrotik router, rather than the $60 one that would seem to be in the same price class. Presumably if they outperform the $400 one, they also outperform the $60 model. > It is based on Linux and supports KVM; So the idea is you can run RouterOS in a KVM VM? I'm not keen on the idea of running firewalls on a VM. Seems like it unnecessarily increases your risk, given that dedicated appliance hardware can be had for fairly cheap. Or do you mean RouterOS can act as a KVM host, so you can run other applications as guests? That would imply you are running RouterOS on something a bit beefier than a $60 router appliance. :-) > ...while it does not have built-in IDS (at the moment) they have a > wiki article about using KVM to add a guest OS to run SNORT or your > IDS of choice. That seems to suggest the latter option... I'm also not a big fan of running anything more than necessary on a router. You don't need to run the whole IDS on the router. Only the packet capture probe. The rest can run on a bigger machine behind the firewall. So how regularly does Mikrotik provide security updates for RouterOS? How do they inform you of the updates? -Tom _______________________________________________ Hardwarehacking mailing list [email protected] http://lists.blu.org/mailman/listinfo/hardwarehacking
