Why not? Are you required to use the ISP's modem and router...?
With Uverse, yes.
With Comcast for static IP addresses, yes. (But you can put your real router behind theirs and turn off NAT.)
A lot of ISPs consider their "customers" personal property.
Essentially, you are having the user connect to the internal address of the VPN server for your forwarded port, and therefore you do not go through the VPN or NAT. A good VPN service will have bound your port to the external address only, and this would not work. And the bad ones will fix this quickly, I bet.
Exactly this - what's to stop your own equipment from being the static IP?
I think you both misread what I said.
Comcast requires their business-class DSL customers with more than one static IP to use rented equipment.
They'll let you have a single static IP with your own CPE. They might even allow you two (not certain). They won't let you have a block of eight IPs, which is what I currently have from Covad or Megapath or whatever their name is this week (Global something-or-other).
I think you did not read what I wrote. You use the non-wifi and non-NAT equipment (and you have to demand it, or they will put in the WiFi full whiz-bang BS router) and set up your firewall behind it. Yes, you do not own the DOCSIS router. Nor do you own the rest of the routers in their network. But you do own the device doing firewall, NAT and WiFi, which nips this security problem in the bud.
... problem solved. The only reason this attack vector exists in the first place is that people are too lazy to install their own equipment.
Unfortunately, Comcast requires their business-class DSL customers with more than one static IP to use rented equipment, even if you are using it in a residential setting. So power-user customers don't have the option to install their own equipment.
Yes you can. You just specify the non-wifi equipment and no NAT. (Like the SMC Broadband Gateway. The Netgear can do it too.) Then set up your own firewall and WiFi. You can use something like www.smallwall.org on an old WinTerminal for under $50.
This could also make power speculation and arbitrage possible. Buy power to charge up on windy nights and sell on hot days. (In summer, anyway) Bulk wind power in Texas on the spot market has actually dropped below zero on a few occasions. http://www.slate.com/articles/... This would fix that imbalance.
You have a point for some, but how does the average and unsophisticated user totally avoid google? Just not searching on www.google.com is not enough...
And it will always be this way. People will only put up with so much intrusion before creating tools to block it. And those tools will swing way back past the point they would have accepted as reasonable... Go ahead... Kill the goose.
So the Router firmware that everyone here coos about actually uses a sucky firewall?
Netfilter != pf.
Typical F/OSS Fail.
So pick another one like http://www.smallwall.org/ or http://www.pfsense.org/ or whatever. The nice thing about FOSS is choice.
I wasn't aware FreeBSD was a top level Linux distribution.
Hmmm...
With the major distros all moving to systemd, it's nice to see someone burn that bridge. I think if at least one top level distro was anti-systemd, then the drama would all go away, because the group that distrusts systemd could just go there. Someone quick spend your life forking fedora to a non-systemd thing. Pls?
Nope... Linux never mentioned there.
You mean this? http://www.nvidia.com/object/f...
FreeBSD. And it is growing. Admittedly, from a VERY small share, but...
Get me an up-to-date nVidia driver, and support for vmware, and I'll switch all my systems right now. Cold day in hell, you say? That's about when I'll go BSD, then.
Well, I guess you will be reinstalling for a while... VMware since FreeBSD8 and current Nvidia drivers. http://www.nvidia.com/object/f... PC-BSD is a little easier for a Desktop than pure FreeBSD.
I love that page. A good coverage of what is considered secure. In SmallWall, http://www.smallwall.org/ the continuation of m0n0wall, the IPsec configuration page actually has a link to that Cisco page, along with warnings about what is no longer secure.
Note, however, that they also consider DH-2048 acceptable. I believe the general consensus is that it will be secure until about 2020.
It doesn't need to be secure forever. Because in 2 hours I will be using a new key. The constant update of keys is one of the nicer features of IPsec.
I love the strategy there... "Let's treat this guy like crap so he becomes a repeat customer!" Well, I guess it works for Comcast, so there must be something to it.
The only information most places will have on me is Andrew Jackson. Occasionally Benjamin Franklin too... They cannot share data you do not give them.
Really? Ubuntu has been called a lot of things, but "hard" is not one of them.
Doh! Ooops... Not like there is any difference now since you can't homebrew either one anymore.
And again 7 years ago. And again 5 years ago... There was the CD rootkit, the USB rootkit, and Xbox Linux removal...
You missed the USB drive in the middle... 3 strikes... http://techreport.com/news/130...
And don't forget their special USB drives. http://techreport.com/news/130...
Bleh. Wasn't the first time enough?
Not for them. They did it again in a USB drive. http://techreport.com/news/130...
I wish maintenance was why I went so often...
Yes, but the owner of Best Buy does not play golf with the city mayor or state governor.
Well, no one plays golf with the governor of Texas. And I don't see the Houston Mayor doing too much golf either... Kinda poor examples there.
As soon as the warranty ended, I never went back. My local shop is much better than the dealer. If yours is not, find another one.