@dsf58 I think that's actually a very good point. As a baseline you should set the 'modem' so that it doesn't respond to WAN-side management requests, but as we've seen recently there's little guarantee that this is 100% secure for now and in future.

In theory, using it as a modem (bridge) only should mean that it doesn't get a public IP address and therefore it would be useless for most DDoS attacks. However, I wouldn't be surprised if some ISPs still assign them an IP address for their management purposes - I may well be wrong but I suspect Virgin do this even if the SuperHub is in modem mode for example.

I don't think there's a way around this really, as long as the modem is another box it will have some sort of potentially exploitable flaws; some manufacturers will be better at reducing the risk and issuing updates, some won't really care.

In reply to a post by dsf58:

the words modem, router, switch, hub etc., seem to be used with remarkably little care in some places!)

Do a search on this site for 'RJ45' and see how many uses of it are correct, i.e. are genuinely referring to a telephone system registered jack, and how many actually mean 8P8C.

I notice you have appeared on this forum recently with some strong opinions and quite a lot of posts, that's fine but is there any value in replying to a post that is well over 3 years old?