On Fri, 18 Jul 2014, Benjamin Cama wrote:

On Thursday, 17 July 2014 at 17:03 -0700, David Lang wrote:
But the reality is that hackers and worms have shown that leaving systems
exposed to the Internet is just a Bad Idea.

Do you mean, all the hackers and worms we see today despite all these
systems being behind blocking firewalls and NATs?

Yep, how much worse would they be if more systems were exposed?

[…]
link-local addressing isn't a good idea, because the average home will have
three separate links (wired plus two bands of wireless), these can get bridged
together, but that causes problems as well.

For this, you have ULA. It is available in OpenWRT and recommended by
the RFCs cited earlier.

But these low-quality devices will not be using local addresses (unless the router implements outbound NAT) because they will need to connect to "the cloud".

[…]
But do you really want to see the news stories about how anyone running openwrt
is vulnerable to $latest_windows_exploit but people running stock firmware
aren't?

This is nonsense, this will never happen as nobody cares about OpenWRT.

So we should just all go home since nobody cares what we do.

Yes, it would be ideal if every host was locked down so that it was safe for
them to be exposed.

They are exposed anyway, by other means.

There are degrees of exposure, and while I agree that perimeter security by itself is not what we really want, throwing away perimeter security on the theory that every device is going to be secure, or that they are exposed anyway, is just begging for trouble.

David Lang