[rescue] Good SOHO router for ASDL? (was: what is this traffic?)

Jonathan Patschke jp at celestrion.net
Wed Nov 4 17:06:51 CST 2015

On Wed, 4 Nov 2015, J. Alexander Jacocks wrote:

> How do you all feel about running unsupported (i.e. vendor no longer
> provides updates) hardware, even of good quality, on Internet-connected
> networks?  I had an older (admittedly consumer-grade) firewall
> penetrated no too long ago, and it has made me unwilling to run any
> firewall that is not actively patched.  So, pfSense is my choice, at the
> moment.

I've run OpenBSD on a small computer (either SPARC or amd64) as an
endpoint for over a decade because I can use OpenVPN, run my own caching
nameserver (that returns proper NXDOMAIN records instead of an ISP
spamvertisement A-record), and do a variety of "network" things with it.

Consumer gear running OEM firmware is, IMO, a liability.  Every big name
has had an exploit or back-door they've been slow to patch.  A lack of
ongoing support just makes it worse.

Low-power hardware is cheap, and pf is very easy to configure.  Unless
there's a consumer-level feature you need (UPnP, WPS, etc.), why use
anything else?

Jonathan Patschke | "Right now, computers, which are supposed to be our
Elgin, TX         |  servant, are oppressing us."
USA               |                                       -- Jef Raskin

More information about the rescue mailing list