On 25/11/17 03:23 AM, leloft wrote:
I have learned more about deep-security issues from this list than
from all other sources combined. It is probably my most
important resource for information of this kind: it makes me think in
ways that I would never have even considered, and is as far from
bullshit as it is possible to get for a noob like me who can't 'detect
it'.
I have recently upgraded the remaining machines at work from Devuan
Jessie to Ascii. The headless machines are running without issue;
however the three machines that run X are playing up. It is still
early days, but since the upgrades, the previously completely stable
machines keep losing network connectivity. The router is a Netgear
DG834 v4, and as I am in the UK, I assume it has the 'backdoor'
firmware. The router will not accept a firmware update. All the
machines here are on allocated addresses 192.168.0.x which have been
the same for several years without issue. The three machines in
question are not accepting their allocated addresses (although the
three headless machines do so every time), one of the machines is using
more than one address at a time (up to 3 at a time), one of the
machines displaced a network printer, and yesterday, one machine
suffered an X 'event' with error messages everywhere referring to all
sorts of sensitive system files. The machines will nearly always get
their allocated addresses after a router reboot followed by a machine
reboot. Ugly.
So could I ask for your opinions please?
1) What should I replace the Netgear router with?
What's the 'critics choice'?
2) Which is less insecure: launching X
through a display manager (which has root privileges and grants them
to X), or from startx and Xwrapper with-root-rights=yes and dropping to
a console when the machine is unattended.
3) What is the current state of play with the new
X-as-a-normal-user in ascii? How's that shaping up?

The troublesome routers I would temporarily try a "factory reset" on
https://www.dd-wrt.com/wiki/index.php/Hard_reset_or_30/30/30
and set them up from scratch and attempt installation of the most
current firmware.
If you are having pop-up warnings I would take a good look at your web
browsers.
Those Netgear routers are old and will probably never be updated by even
third party firmware to cover a host of more modern vulnerabilities. I
definitely would be fast tracking the phase out of them if they face the
Internet.
I may be wrong, but are those not ADSL gateway/routers? If so, that adds
another variable into the selection mix, which may depend greatly on your
ISP's or ISPs' hardware and protocols.
Myself, when faced with such situations, I tend towards selecting a suitable
modem, setting it in bridge mode and handling routing with a dedicated
router; this adds more hardware and wall warts, but as things change
maintains better flexibility.
Ubiquiti routers are a good choice for routing.
HTH
Clarke