You can be sure that we at iconz would be telling you all :)

the only thing i have found that is a little suspect is that the M10 is
advertising the 172.x.x.x network (forget the exact range) via RIP to the
internal ethernet, potentially this would open the possibility for a
machine to be setup on the internal network that was set to learn the
routes coming from the M10 and a local telecom person could play with
your routing tables remotely. Personally i dont run RIP and this doesnt
bother me overtly, tho it irks me a little to know that via this telecom
could potentially have access to any of the machines on your internal
lan.

the reason we at iconz would wish to sell a firewall solution to someone
is when a) they wish to do some form of VPN for inter-office
communications or other funky stuff or b) they wish to run services behind
the M10, the M10 produces no statistic gathering, packet filtering or
statefull inspection which a firewall would, hence complementing the
package and providing the ability to operate services in a more "secure"
environment.

in this case its not that we dont trust the M10 to be secure, its that we
dont trust the *IX/NT/Whatever box that is running the services behind the
M10 to be secure.

if our sales/marketing drones have been missleading customers in this
respect then we would really like to know so we can educate them, I will
be CCing them a copy of this message so they should all hopefully get the
right idea :) but keep in mind, to the ISP all the M10 is is a $20
account, of course they will try to on sell additional services, its what
they get paid for - you as consultants and customers just need to have the
ability to tell the sales person what YOU want, not what they tell you you
want :)

oop, and one other thing you may wish to use a firewall for behind the
M10, monitoring the activites of your staff :) I'm sure there are many
other applications where it could be usefull for a customer to have such a
device.

--
Steve,
Systems Admin, Asia Online NZ Ltd
(Formerly The Internet Company of New Zealand)
On Fri, 7 Apr 2000, Juha Saarinen wrote:
> If ICONZ knows of any existing security problems or succesful cracks of
> M10s, they should tell us...
> 
> -- Juha
> 
> %-> -----Original Message-----
> %-> From: owner-adsl@ns.freebsddiary.cx
> %-> [mailto:owner-adsl@ns.freebsddiary.cx]On Behalf Of John Huttley
> %-> Sent: Friday, 7 April 2000 3:53 p.m.
> %-> To: adsl
> %-> Cc: Neven MacEwan
> %-> Subject: Re: Are M10's Secure?
> %->
> %->
> %-> This is good.
> %->
> %-> I shall advise the client, with a clear concscience, that there
> %-> are no hacks on
> %-> record.
> %-> Not withstanding what the marketing dept of iconz have to say.
> %->
> %-> Thanks all.
> %->
> %-> John
> %->
> %-> ----- Original Message -----
> %-> From: Kevin Stewart <kevins@netgate.net.nz>
> %-> To: John Huttley <john@mwk.co.nz>; adsl <adsl@freebsddiary.cx>
> %-> Sent: Friday, 7 April 2000 15:41
> %-> Subject: Re: Are M10's Secure?
> %->
> %->
> %-> > Telecom can :)
> %-> >
> %-> > and unless you open admin access through the ppp link you
> %-> cant telnet to the
> %-> > M10 except from the lan and vcc2
> %->
> %->
> %->
> %-> To unsubscribe: send mail to majordomo@freebsddiary.cx
> %-> with "unsubscribe adsl" in the body of the message
> %->
> %->
> 
> 
> To unsubscribe: send mail to majordomo@freebsddiary.cx
> with "unsubscribe adsl" in the body of the message
> 
To unsubscribe: send mail to majordomo@freebsddiary.cx
with "unsubscribe adsl" in the body of the message