Posted: Wed Feb 17, 2016 18:26 Post subject: Make Broadcom ARM router Fort Knox; IPv6
Hello guys,
I want to make my home network as secure as possible, short of unplugging the WAN cable.
I ticked every box in the security menu of DD-WRT, as well as ensured upnp was disabled and no ports were being forwarded.
I also turned off any unnecessary services and ensured HTTP was disabled leaving only HTTPS enabled, as well as ensuring remote admin was disabled.
After doing some research, I see some here recommending installing optware and running asiablock, stophack, etc.
But according in the wiki OTRW2 does not run on ARM routers. Is there any alternative way of obtaining those services even if I can’t install optwear.
One las question I have has to do with IPv6. Right now I have it disabled as I have no need for IPv6.
Will DD-WRT block all IPv6 traffic attempting to connect to my router?
What if I enable it?
Would the statefull (SPI) firewall work out of the box on IPv6 traffic?
I’ve noticed that sometimes I am given an IPv6 address by my IP. With IPv6 disabled will I still be given a v6 address? Or does enabling IPv6 only effect the LAN side?
Posted: Wed Feb 17, 2016 18:43 Post subject: Re: Make Broadcom ARM router Fort Knox; IPv6
-UPnP
Note that the security concerns of it from years ago were from bad implementations allowing WAN-side access by default. That said, you could have some LAN-side malware that tries to exploit it, which is what I presume you're proactively preventing, at the expense of all the services that use it.
-Optware
Search for Entware; I recall its needed for ARM use.
-IPv6
If you have it disabled, the router won't see/use the address that the modem leases, so it doesn't nothing.
-IPv6 SPI
AFAIK, this is the same, but there have been some issues/fixes lately, so look at the Changelog if you want to look in to it. The key difference is that NAT isn't used w/ IPv6, which works around the high-bandwidth speed slowdown of IPv4 NAT.
-"Make Broadcom ARM router Fort Knox; IPv6"
No matter what you do, your router will not suddenly become a large gold reserve. BrainSlayer won't release that feature.
[For non-US readers: Fort Knox in Tennessee is where much of the US gold reserve resides. At least, it used to...] _________________ #NAT/SFE/CTF: limited speed w/ DD#Repeater issues#DD-WRT info: FAQ, Builds, Types, Modes, Changes, Demo#
OPNsense x64 5050e ITX|DD: DIR-810L, 2*EA6900@1GHz, R6300v1, RT-N66U@663, WNDR4000@533, E1500@353,
WRT54G{Lv1.1,Sv6}@250|FreshTomato: F7D8302@532|OpenWRT: F9K1119v1, RT-ACRH13, R6220, WNDR3700v4
Posted: Wed Feb 17, 2016 20:41 Post subject: Re: Make Broadcom ARM router Fort Knox; IPv6
[quote="jwh7"
-"Make Broadcom ARM router Fort Knox; IPv6"
No matter what you do, your router will not suddenly become a large gold reserve. BrainSlayer won't release that feature.
[For non-US readers: Fort Knox in Tennessee is where much of the US gold reserve resides. At least, it used to...][/quote]
LOL... Maybe if we all petition hard enough BS and Kong will add that feature
Thanks for your help,... I'm looking into entware now.
The problem I see with entware is that it does not have the services I want such as FixTables, BirmaBlock, AsiaBlock, WorldBlock, StopHack and StopHammer