randy at linuxfromscratch.org
Fri Apr 7 04:51:44 PDT 2006
On Fri, 2006-04-07 at 17:31 +0600, Alexander E. Patrakov wrote:
> Point taken, what's the recommended action against wvdial and rp-pppoe?
At this point, at a minimum, there should be a message on the respective
pages indicating embedded passwords are an inherent risk and should be
avoided if possible. It should then go on and say: for instructions how
you can set your system up to avoid embedded passwords, see
Anything more should be offered up by Archaic, as he is the resident
security pundit, and if I recall correctly, is employed in a capacity
of overseeing connectivity and mail issues for an ISP.
> But how would you solve the following problem?
> My computer connects to Internet via ADSL line (since 2006-03-21), and the ISP
> uses PPPoE. I am going to use this as an always-on connection, brought up on
> boot. You say that it is a very bad idea to store the password in
> /etc/ppp/pap-secrets, but the only other option would be to ask it every time
> during boot. What should be done here?
What I *always* did in the past was provide the password at boot
time. But then I've never automated the connectivity to an ISP
either. After the machine booted, I (or whoever else needed Internet
access after a server-shutdown), would initiate the connection
to the ISP.
Everything I've mentioned has to do with dial-up at a private
residence for a local network. None of my comments apply beyond
that. My personal experience when I used dial-up was that it was
fairly rare that this needed to happen.
Since probably 1995, I've had Internet connectivity running 24x7 in
my house, much of the time with a computer acting as the Internet
gateway. When I used dial-up, I had a dedicated analog line used
for nothing except this dial-up and I never shut down the machine
unless vacation or otherwise.
rmlinux: [bogomips 3993.32] [GNU ld version 2.16.1] [gcc (GCC) 4.0.2]
[GNU C Library stable release version 2.3.6] [Linux 188.8.131.52 i686]
06:38:05 up 17 days, 13:12, 4 users, load average: 0.01, 0.05, 0.06
More information about the blfs-dev