Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Compromised Modems

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 5 Posters 897 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      ibby1570
      last edited by

      I was just reading a news story about how hackers have found an exploit in the firmware of a modem manufacture.

      How would pfSense protect against a compromised modem since there is no way to put a firewall before the modem?

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        Well, it would still protect against unsolicited connections into WAN but it cannot protect what's outside of it.

        Still better than having a compromised modem that is also your firewall/router.

        Anything an ISP modem can see should be considered to be out on an untrusted network. As long as you're protecting data using encryption/authentication it doesn't really matter if the compromise is one link out or somewhere else out in the ISP's gear.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • J
          jack290
          last edited by

          I think this depends to some extent on how you use the modem.

          If the modem initiates a PPP connection back to the ISP and you then forward all inbound WAN traffic to a PFS firewall / router then the modem probably gets a web facing address and is visible to the hackers.

          If the modem is in some form of transparent bridge mode ( many but not all bridge/routers can do this, including DSL conntion types ) and the PPP connection to the ISP is initiated by the PFS firewall/router then the modem will not get a web address so should be invisible from the web.  The "web facing" address will now be the WAN port on the PFS firewall and a hacker is faced with hacking PFS, not the modem.

          If this is incorrect please can someone explain further?

          J.

          1 Reply Last reply Reply Quote 0
          • F
            FranciscoFranco
            last edited by

            I have not read about this exploit but I know that most cellular modem modules use a CPU just like you would find in a mobile phone. These modules firmware can be updated 'over the air' by the carrier. These modules also contain a GPS device which can piggyback off the cellular antennas. So truly a Black Box if ever there was one. An embedded computer on a stick.

            In my mind the addition of GPS makes these worse than an ISP modem if only for locational data.

            On ATT Mobile I see twice as many port scans then I do with my home ISP. So somebody is looking. Maybe an easy attack surface.

            1 Reply Last reply Reply Quote 0
            • chpalmerC
              chpalmer
              last edited by

              @ibby1570:

              I was just reading a news story about how hackers have found an exploit in the firmware of a modem manufacture.

              How would pfSense protect against a compromised modem since there is no way to put a firewall before the modem?

              are you talking about the Puma 6 models?

              Triggering snowflakes one by one..
              Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.