Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Compromised Modems

    General pfSense Questions
    5
    5
    597
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      ibby1570
      last edited by

      I was just reading a news story about how hackers have found an exploit in the firmware of a modem manufacture.

      How would pfSense protect against a compromised modem since there is no way to put a firewall before the modem?

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        Well, it would still protect against unsolicited connections into WAN but it cannot protect what's outside of it.

        Still better than having a compromised modem that is also your firewall/router.

        Anything an ISP modem can see should be considered to be out on an untrusted network. As long as you're protecting data using encryption/authentication it doesn't really matter if the compromise is one link out or somewhere else out in the ISP's gear.

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • J
          jack290
          last edited by

          I think this depends to some extent on how you use the modem.

          If the modem initiates a PPP connection back to the ISP and you then forward all inbound WAN traffic to a PFS firewall / router then the modem probably gets a web facing address and is visible to the hackers.

          If the modem is in some form of transparent bridge mode ( many but not all bridge/routers can do this, including DSL conntion types ) and the PPP connection to the ISP is initiated by the PFS firewall/router then the modem will not get a web address so should be invisible from the web.  The "web facing" address will now be the WAN port on the PFS firewall and a hacker is faced with hacking PFS, not the modem.

          If this is incorrect please can someone explain further?

          J.

          1 Reply Last reply Reply Quote 0
          • F
            FranciscoFranco
            last edited by

            I have not read about this exploit but I know that most cellular modem modules use a CPU just like you would find in a mobile phone. These modules firmware can be updated 'over the air' by the carrier. These modules also contain a GPS device which can piggyback off the cellular antennas. So truly a Black Box if ever there was one. An embedded computer on a stick.

            In my mind the addition of GPS makes these worse than an ISP modem if only for locational data.

            On ATT Mobile I see twice as many port scans then I do with my home ISP. So somebody is looking. Maybe an easy attack surface.

            1 Reply Last reply Reply Quote 0
            • chpalmerC
              chpalmer
              last edited by

              @ibby1570:

              I was just reading a news story about how hackers have found an exploit in the firmware of a modem manufacture.

              How would pfSense protect against a compromised modem since there is no way to put a firewall before the modem?

              are you talking about the Puma 6 models?

              Triggering snowflakes one by one..

              1 Reply Last reply Reply Quote 0
              • First post
                Last post