Compromised Modems
-
I was just reading a news story about how hackers have found an exploit in the firmware of a modem manufacture.
How would pfSense protect against a compromised modem since there is no way to put a firewall before the modem?
-
Well, it would still protect against unsolicited connections into WAN but it cannot protect what's outside of it.
Still better than having a compromised modem that is also your firewall/router.
Anything an ISP modem can see should be considered to be out on an untrusted network. As long as you're protecting data using encryption/authentication it doesn't really matter if the compromise is one link out or somewhere else out in the ISP's gear.
-
I think this depends to some extent on how you use the modem.
If the modem initiates a PPP connection back to the ISP and you then forward all inbound WAN traffic to a PFS firewall / router then the modem probably gets a web facing address and is visible to the hackers.
If the modem is in some form of transparent bridge mode ( many but not all bridge/routers can do this, including DSL conntion types ) and the PPP connection to the ISP is initiated by the PFS firewall/router then the modem will not get a web address so should be invisible from the web. The "web facing" address will now be the WAN port on the PFS firewall and a hacker is faced with hacking PFS, not the modem.
If this is incorrect please can someone explain further?
J.
-
I have not read about this exploit but I know that most cellular modem modules use a CPU just like you would find in a mobile phone. These modules firmware can be updated 'over the air' by the carrier. These modules also contain a GPS device which can piggyback off the cellular antennas. So truly a Black Box if ever there was one. An embedded computer on a stick.
In my mind the addition of GPS makes these worse than an ISP modem if only for locational data.
On ATT Mobile I see twice as many port scans then I do with my home ISP. So somebody is looking. Maybe an easy attack surface.
-
I was just reading a news story about how hackers have found an exploit in the firmware of a modem manufacture.
How would pfSense protect against a compromised modem since there is no way to put a firewall before the modem?
are you talking about the Puma 6 models?