Half bridge security

gueni · May 7, 2021, 10:59am

Hi folks!

LTE->ISP/Modem/Router->OpenWrt device->clients

On that configuration, does setting the ISP router to "bridge mode"(what's half-bridge really) lower the possibility for backdoors/man-in-the-middle attacks or something, because some parts of the OS not running, eg. firewall, NAT, etc.?

Is it worth to gain small security (if there is any) but losing the redundancy of a second router/wifi AP and have the wifi always on because of configuration access?

Silly question but what do you guys think?

frollic · May 7, 2021, 1:52pm

No,

assuming all clients connect the openwrt device, and it's configured as a router.

gueni · May 7, 2021, 2:55pm

2x yes

What I thought about is if someone sneaks to the ISP router over a backdoor and sniffs my traffic or routes it to somewhere. So no routing, no problem...thats what I thought..
I don't know if this has ever been done on consumer devices but I read that its possible in theory and back doors have been found on some routers.

Am I too paranoid?

Edit: It all comes to the question: Will this pseudo (half) bridge mode (where the traffic is just forwarded to a ethernet port) on the ISP router help on that issue?

frollic · May 7, 2021, 4:03pm

Yes

No,

But you're pretty safe, since DNS over HTTPS or TLS is more secure, and all sites use https anyway.

gueni · May 7, 2021, 4:36pm

Thank you @frollic for your answers!

system · May 17, 2021, 4:37pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.