On Wednesday 27 December 2000 06:17, you wrote: > Hi David, > > "David P. Schwartz" wrote: > > Usually, static IPs come in a block of 8. .... > > Hmmm... > > If you get a block of eight, the first is your subnet number, and the > last is your broadcast address, leaving six for use. I wonder why > you only get five to use? Don't forget the gateway. > > And there has never been a security exploit in any OS, right? There > has never been a vulnerability in Cicso IOS, either (boaahahaha). How > do you update a ROM when some cracker finds an exploit to the D-Link > OS and all the script-kiddies come knocking. Surely D-Link has > thought of this, so what do you do? Buy new ROMs, or a new router? > Maybe it's flash ROM and you can update it from their website, which > brings me back to vulnerabilities - ever hear of the Chernobyl > (W95.CIH) virus or the Millennium Internet Worm? > > No thanks - I'll stay with something I control and I can update. > > > George What? IOS had a bug? :^) I gotta agree. While one might make the case that a pnp firewall/hub 'solution' is better than nothing for Joe Six-Pack and his shiny new cable modem, the only way to go for any serious firewalling is to have a box that you understand and control. (Even PIX -- and I hated PIX.) You can put together a decent firewall system for not much more than a D-Link. With a dedicated firewall box you can run other services for your internal network like dhcp and dns, as long as you write appropriate port-blocking rules for the external interface. Keep in mind, though, that every service you run is a potiential risk. The best firewall has no available services, even dhcp. OTOH, if this is a business hookup and one of those drop-in firewall thingies are mandated by the boss, be sure to check out the competition. 3Com and others make similar products. I don't know about anyone else, but when someone says 'D-Link', 'security' does not immediately come to mind. :^) Larry