From: dwhodgins@nomail.afraid.org   
      
   On Sun, 20 Jan 2013 22:17:37 -0500, Adam  wrote:   
      
   > Umm... would you have any suggestions on the "best practice" way to set   
   > up my little Ethernet/WiFi LAN (or where to look for advice)?  I'm   
      
   The most important part is to change the router address, and admin   
   password from whatever the defaults are, to some other values, and   
   disable upnp.  That will help prevent soap attacks being used to   
   reconfigure the router.   
      
   This is security by obscurity, which is not a good method, but is   
   all that's available without fixing the firmware, which is very   
   unlikely, as it's working as badly designed.   
      
   There are soap attacks that reset the router to it's default values,   
   where, with some routers, upnp will be enabled, but if you make the   
   above changes, those will result in loss of network accessibility,   
   rather then giving the hackers control of the dns results, until you   
   figure out the router has been hacked, and reconfigure it.   
      
   Just in case the router does get hacked, never configure the computer   
   to use the router's idea of what dns servers to use.  I run bind (the   
   named service) on each computer, and have added "nameserver 127.0.0.1"   
   to /etc/resolvconf/resolv.conf.d/head, so that each computer has it's   
   own caching name server, instead of using whatever the router gets as   
   nameserver addresses.   
      
   Regards, Dave Hodgins   
      
   --   
   Change nomail.afraid.org to ody.ca to reply by email.   
   (nomail.afraid.org has been set up specifically for   
   use in usenet. Feel free to use it yourself.)   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)