Dear All,
My brother bought a tp-link router, which is powered by Linux. When we
deployed a new firmware on it, and connected through console, we
realised the horror:
1) Almost all of the embedded software is running as a privileged
user. The consequences can be dire: a single remote hole in any of
that software results in a user getting privilege access. This is very
bad from a security perspective.
I've looked into the Sagem modems, as well as the huawei are also
linux-based firmware. However, the manufacturers made no effort at
tuning the configuration of the boxes for security.
(I have technical screen capture, if someone is interested -- pm me
offlist, unless there's a huge interest)
2) Traffic shaping is broken on those devices. You cannot shape the
traffic. You end up with web sessions timing out or upload stalling. I
think that the current Traffic shaping mechanisms are not tuned for
multiple streams of traffic like simultaneous skype, google+, fb, irc,
and http traffic.
What's worse is that with the demand for 100Mbit/s traffic, we may end
up hitting the limitations of those devices who are stumbling blocks.
I believe that the device will end up saturating at around 40-50
Mbit/s, at which point we will reach the maxium throughput and hit the
limitations of the box.
--
This message is strictly personal and the opinions expressed do not
represent those of my employers, either past or present.
Received on Thu Apr 09 2015 - 19:46:45 PST