What's the concern with them sharing the same ethernet segment?
It's not performance, because a 14mbit ADSL connection is a drop in
the ocean for 100/1000baseT. And I don't see how it could be security
either, since the dirty internet IPs only exist in encapsulated form
until they're decoded on the Linux gateway.
I've seen articles on people doing what you imply can't happen in #2,
and tricking devices on said segment into receiving false packets.
You're suggesting that IP tunnelled over an RFC 1483 bridge can somehow
be manipulated to get outside the tunnel.
Can you provide links to said articles demonstrating that?
Also, who is to say that the modem/router is inherently secure either,
even in bridged mode? If someone can gain control, and it is plugged
into your LAN, hey presto, they've got control.
OK, again, can you provide any examples of generic attacks on bridged
modems, from the outside world, that allows an attacker to take such
control?
Note: I've seen details of javascript attacks that automatically
reconfigure a modem/router to forward ports to machines behind the
router, by exploiting the usual defaults that people leave their
modem/routers set to. This allows people on the outside to search for
and connect to inside services, which are most likely not well secured.
It wouldn't be a far step to see them doing the same thing, even if the
modem is in bridged mode, in some way that is advantageous to them.
If you're running a vulnerable browser and its getting owned, then
really the router is the least of your concerns. Stick to the claims you
made above and back them up before building a strawman.
