[sf-lug] Monday meeting and Bobbie Sellers' news

Sun Apr 15 21:08:21 PDT 2018

Quoting Daniel Gimpelevich (daniel at gimpelevich.san-francisco.ca.us):

> On Sun, 2018-04-15 at 14:15 -0700, John wrote:
> > Dg834G is a wireless router, not a dsl modem.
> 
> Incorrect. It's a DSL modem/wifi router combo.

As some including Daniel have noted, the actual Netgear model
designation appears to be DG834G, not DG34G.  IMO, these are absurdly
overfeatured devices, especially given that few users will even _think_
of reflashing them to eliminate security problems:  My brief Internet
reading suggests that they could be characterised as 'ADSL modem /
router / firewall / switches' (often called a 'residential gateway')..

I was initially puzzled by Jim's upthread claim that Cloudfare scanning
told Bobbie her 'DSL modem' had been security-compromised (had 'malware').  
One very reassuring aspect of _true_ DSL modems -- a box that merely
encodes data bitstreams on frequencies above 8 kHz and sends them to the
remote DSLAM with ECC checksums -- is that it's so simple that you
cannot really attack it from the public Internet.  Over here at Chez
Moen, for example, a rather old Westrell aDSL modem mediates between my
house network and Raw Bandwidth's DSLAM, and its extreme simplicity is a
great comfort:  Less stuff to go wrong; nothing to attack.

An ADSL modem / router / firewall / switch like the DG834G v3, on the
other hand -- ah, that's a whole different kettle of fish.  It's a
baroquely featured full-blown embedded computer, not just a 'modem' --
and you cannot just leave those facing public networks for years without
software maintenance, any more than you can run a five-year-old Linux
distro without security updates without expecting security problems.

I'm guessing Bobbie's going to end up with some equivalent and equally 
overfeatured -- and probably equally unmaintained -- residential
gateway.  Why?  Because it's the easiest thing to do, even though -- my
point -- it would almost certainly make the same exact planning mistake
twice.

The old-school alternative -- which I'll mention for the record even
though I have roughly zero expectation Bobbie would consider it -- would
be to replace it with a true DSL modem, something that is only a modem.
But, you say, oh noes!  That doesn't give her an ethernet switch and WAP
with DHCP server functionality and IP masquerade / router stuff!  But
here's a thought:  Linux is really good at that, e.g., a little box
running OpenWRT or similar.  Which she can then maintain and prevent
being a security basket-case.