advice wanted on structuring LAN + internet
George Toft
george@georgetoft.com
Wed, 27 Dec 2000 06:17:07 -0700
Hi David,
"David P. Schwartz" wrote:
>
> George Toft wrote:
>
> > First method requires:
> > - one IP addr;
> > - You to maintain firewall;
> >
>
> Usually, static IPs come in a block of 8. Five are available for use. I'm not sure how many need to be dedicated to the server, but I'm
> sure one is available for the LAN.
Hmmm...
If you get a block of eight, the first is your subnet number, and the
last is your broadcast address, leaving six for use. I wonder why
you only get five to use?
>
> > Second method requires:
> > - two IP addr from ISP ($$$);
> > - You to trust D-Link to write good firewall rules.
>
> These things basically block all incoming requests unless you tell them to open specific ports. It's in ROM, so there's nothing to hack
> or bypass.
<rant>
And there has never been a security exploit in any OS, right? There
has never been a vulnerability in Cicso IOS, either (boaahahaha). How
do you update a ROM when some cracker finds an exploit to the D-Link
OS and all the script-kiddies come knocking. Surely D-Link has
thought of this, so what do you do? Buy new ROMs, or a new router?
Maybe it's flash ROM and you can update it from their website, which
brings me back to vulnerabilities - ever hear of the Chernobyl
(W95.CIH) virus or the Millennium Internet Worm?
No thanks - I'll stay with something I control and I can update.
</rant>
George
[snip]