[HH] single board computers for use as a router
Tom Metro
tmetro+hhacking at gmail.com
Thu Apr 25 22:32:32 EDT 2013
Jon Evans wrote:
> While not open source, Mikrotik's RouterOS is pretty sweet. It's free
> if you buy their hardware, and they have a $60 5-port gigabit router.

I haven't looked at Mikrotik in a while, but I'm familiar with them.

> Their hardware is also great for the money. Routing performance on mine
> has been flawless on my heavily used 50Mbit line.

Ubiquiti Networks, on the product page for the router I referenced
(http://www.ubnt.com/edgemax), links to a couple of head-to-head product
comparisons done by some third party testing company. One pits their
router against some Cisco model and some Juniper model. The other report
compares it against a $400 Mikrotik router. Of course it trounced all of
them on bandwidth, packet throughput, and latency, and they boil that
down to a packet per dollar metric or some such, to further emphasize
the great value you get from their $100 router.

I wonder why they matched it up against the $400 Mikrotik router, rather
than the $60 one that would seem to be in the same price class.
Presumably if they outperform the $400 one, they also outperform the $60
model.

> It is based on Linux and supports KVM;

So the idea is you can run RouterOS in a KVM VM?

I'm not keen on the idea of running firewalls on a VM. Seems like it
unnecessarily increases your risk, given that dedicated appliance
hardware can be had for fairly cheap.

Or do you mean RouterOS can act as a KVM host, so you can run other
applications as guests? That would imply you are running RouterOS on
something a bit beefier than a $60 router appliance. :-)

> ...while it does not have built-in IDS (at the moment) they have a
> wiki article about using KVM to add a guest OS to run SNORT or your
> IDS of choice.

That seems to suggest the latter option...

I'm also not a big fan of running anything more than necessary on a
router. You don't need to run the whole IDS on the router. Only the
packet capture probe. The rest can run on a bigger machine behind the
firewall.

So how regularly does Mikrotik provide security updates for RouterOS?
How do they inform you of the updates?

-Tom