On Wednesday 27 December 2000 06:17, you wrote:
> Hi David,
>
> "David P. Schwartz" wrote:
> > Usually, static IPs come in a block of 8. ....
>
> Hmmm...
>
> If you get a block of eight, the first is your subnet number, and the
> last is your broadcast address, leaving six for use. I wonder why
> you only get five to use?
Don't forget the gateway.
> <rant>
> And there has never been a security exploit in any OS, right? There
> has never been a vulnerability in Cicso IOS, either (boaahahaha). How
> do you update a ROM when some cracker finds an exploit to the D-Link
> OS and all the script-kiddies come knocking. Surely D-Link has
> thought of this, so what do you do? Buy new ROMs, or a new router?
> Maybe it's flash ROM and you can update it from their website, which
> brings me back to vulnerabilities - ever hear of the Chernobyl
> (W95.CIH) virus or the Millennium Internet Worm?
>
> No thanks - I'll stay with something I control and I can update.
> </rant>
>
> George
What? IOS had a bug? :^)
I gotta agree. While one might make the case that a pnp firewall/hub
'solution' is better than nothing for Joe Six-Pack and his shiny new cable
modem, the only way to go for any serious firewalling is to have a box that
you understand and control. (Even PIX -- and I hated PIX.) You can put
together a decent firewall system for not much more than a D-Link.
With a dedicated firewall box you can run other services for your internal
network like dhcp and dns, as long as you write appropriate port-blocking
rules for the external interface. Keep in mind, though, that every service
you run is a potiential risk. The best firewall has no available services,
even dhcp.
OTOH, if this is a business hookup and one of those drop-in firewall thingies
are mandated by the boss, be sure to check out the competition. 3Com and
others make similar products. I don't know about anyone else, but when
someone says 'D-Link', 'security' does not immediately come to mind. :^)
Larry
(text/plain)