 | Critique my security exposure
I would like to run my own router, but it has only one Ethernet port. What is my security exposure at Layer 2 if I use VLANs for WAN and LAN? |
|
 | If possible, I would get another NIC to run the WAN side. I would also not use VLAN1 since it is the default VLAN.
Possible attacks at L2 (not specific to your switch):
- MAC Flooding Attack
- 802.1Q and ISL Tagging Attack
- Double-Encapsulated 802.1Q/Nested VLAN Attack
- ARP Attacks
- Private VLAN Attack
- Multicast Brute Force Attack
- Spanning-Tree Attack
- Random Frame Stress Attack
»www.cisco.com/en/US/products/hw/···9f.shtml |
|
 | Thanks for the link. Am I right in assuming that only Verizon would have visibility to the MAC of my WAN interface? |
|
 Dream Killer | reply to Springbok
If I was in this situation though and everything works fine, I'd just keep it the way it is.
Spend a couple dollars for a proper multi-port router box if you're really worried about security. It wouldn't cost more than $100. |
|
 | reply to Springbok
I picked up a SABRENT USB-G1000 USB 2.0 Ethernet adapter for WAN. It claims to be full-duplex, 1Gbps, but I thought USB 2.0 itself was only half-duplex. pfSense sees it as ue0. The pfSense router is currently behind the Actiontec and double NATing. Ping is maybe 1ms slower, bandwidth is unchanged at 84/39 (my plan is 75/35). I cannot detect any obvious bottlenecks or adverse effects with running the WAN through this USB interface... Thoughts? |