Hi,
I am in one of those situation where I will have to use one of those mobile USB 4G dongle that I do not "fully" trust.
It works great on FreeBSD thanks to the urndis driver. The USB device itself seems to run a highly modified version of DD-WRT, but I can't just re-flash it myself as it is not part of the DD-WRT "distribution".
Now I know RNDIS has been a concern for years in the Linux world
I am guessing there is a similar concern on FreeBSD?
So I am wondering what I can do...
1. Make a router VM, pass-through my "Alder Lake-N PCH USB 3.2 Gen 2x1 (10 Gb/s) xHCI Host Controller"
The issue is I kind of have to let go of all my USB ports (always a problem !).
2. Make a router jail with access to the single USB device.
The problem is from what I understand this offer little protection from a potentially malicious device...
I can only improve the network part of the security.
My questions are:
- Do you think it is a real concern for personal use?
- Is there something I do not see?
- What would you do?
Many thanks !
I am in one of those situation where I will have to use one of those mobile USB 4G dongle that I do not "fully" trust.
It works great on FreeBSD thanks to the urndis driver. The USB device itself seems to run a highly modified version of DD-WRT, but I can't just re-flash it myself as it is not part of the DD-WRT "distribution".
Now I know RNDIS has been a concern for years in the Linux world
I am guessing there is a similar concern on FreeBSD?
So I am wondering what I can do...
1. Make a router VM, pass-through my "Alder Lake-N PCH USB 3.2 Gen 2x1 (10 Gb/s) xHCI Host Controller"
The issue is I kind of have to let go of all my USB ports (always a problem !).
2. Make a router jail with access to the single USB device.
The problem is from what I understand this offer little protection from a potentially malicious device...
I can only improve the network part of the security.
My questions are:
- Do you think it is a real concern for personal use?
- Is there something I do not see?
- What would you do?
Many thanks !