Return to Level1Techs.com

ISP backdoors in WAN router - What to do?

Frankly, DMZ is a solution in search of a problem. Why would someone forward every port/protocol for a fucking web server? Anyone with half a brain these days would only forward the necessary ports.

2 Likes

Hehe, indeed. This is what I was reading earlier - see the bit under ‘Rationale’ (https://en.wikipedia.org/wiki/DMZ_(computing)).

While that may have been the intended implementation for DMZs, I completely agree with you.

Having a DMZ in the sense that everything is allowed to hosts in that network segment is dumb, IMHO. Having a DMZ with servers that need to interact with incoming requests from the internet and sandwiching these hosts between 2 firewalls is best practice. Even if you only have one physical firewall, usually a software firewall will be running on these exposed hosts.

1 Like

That’s what i did because my ISP stopped offering gateway units to consumers.

Term DMZ has been misappropriated by the home router manufacturers to mean DNAT all the incoming traffic to such-an-such an IP. (Doesn’t even track connections or look at protocols in most cases)

In most home routers and modems it’s all about NAT, it’s not a separate VLAN or anything, it has nothing to do with any kind of security, other than the obvious thing of you’ll be getting traffic now.

1 Like

Well said - when I didn’t make sense earlier @NetBandit this is exactly what I was on about.