Right. And there are still random other similar vulnerabilities that we find out about all the time. Often associated with "features" that help make it easier to set up and/or reset a home router, but which can easily make the router vulnerable to any compromised computer within wifi range.

This is why I prefer to use a Debian box I've set up as a secured router rather than a home router appliance. No web interface for administration, just ssh (with passcode protected ssh key authentication, not password authentication, of course, on a custom port). No special "features" to make it easier to remotely reset/administer the box. I switch on the monitor and log in directly if things are somehow too messed up for ssh to work.

I still have a commercial wireless access point attached to that Debian router, though. The point is, though, to try and keep that WAP simple and minimize the functions its supposed to perform.

Well I rather assumed the that would be the first thing that any sensible person would do!!

My ISP allows me to bridge the modem. And so my computer has a public IP address. Obviously there is a NAT firewall behind that first IP address. Usually I use Pfsense. But I have full control over the firewall. And all computers inside the firewall have a private address.

And VPS-es I run directly connected to the internet with a public IP address. Like everyone else I guess.

Frankly I don't understand the intention of this poll.

jlinkels