> Thus I pose my question to a relatively unbiased group and hope that
> this does not cause a flame war ...

Hah. Anything can be turned into a flame war, for those who are so inclined. :P

> Could someone(s) please compare and contrast the bridging and the PPP
> modes for a Cisco 675 router, vis-a-vis the advantages and
> disadvantages, bandwidth, security, etc.?

Sure, but only as I understand it.

The Cisco 675 is a DSL modem/router so you must be a DSL bandwidth customer. Typically the DSL "DSLAM" concentrator devices use ethernet frames to communicate with the customer DSL modems, over the DSL phone lines.

PPP mode uses PPPoE (PPP over Ethernet) to encapsulate PPP point-to-point-link frames inside ethernet frames. PPP is peer to peer. The ethernet frames would contain your PPP frames, and the peers (your 675 and the DSLAM/ISP) would encapsulate the IP packets in PPP frames which would be transmitted using ethernet frames.

Bridging mode simply takes all ethernet traffic on the ethernet port and replicates it over the WAN interface, to the other end. This would mean that all broadcasts, etc. on the LAN would be replicated over the DSL connection. This is bad if the ethernet port of your 675 is connected to a hub with a bunch of chatty (Windows) computers on the network, because the noise has to be replicated over the bridge along with the useful traffic. If there is only one computer connected to the LAN port of the 675, then you are fine.

Most PPP frames are not encrypted so there would not be a security benefit to using PPPoE. The ISP may prefer PPPoE because it allows them to collect a username and password from you that may not be available to them if you were talking to them via straight ethernet bridging. (Since you don't need a password to be an ethernet device and have a MAC address on an ethernet network.)

As far as bandwidth, if you have only one computer connected to the DSL modem (and especially if it's a well-behaved system like a Linux system), I think you will get slightly more bandwidth using straight bridging mode. The PPP overhead, and processing required to encapsulate/decapsulate the PPP frames, will consume some of your bandwidth, perhaps mostly by increasing latency.

> I am currently using an ISP with the 675 in PPP mode and, in spite of
> having applied the 675 CBOS upgrade and redirecting the HTTP port, I
> am still getting killed by the Code Red worm. Someone has suggested
> that placing the 675 in the bridging mode will eliminate this
> vulnerability.

This may be correct, depending on the network setup. If the 675 has an internal IP address assigned to the ethernet port, then it won't matter what the encapsulation method is for talking to the ISP, that IP address is still going to be out there and accessible.

In CBOS can you do "no ip http-server"? I know very little about the 675, although I'm about to get DSL and I have a 675 I'm going to try to use here. If you can turn off the HTTP server that should work around your problem.

> I talked to my ISP, who swears that the bridging mode is the worst
> possible way to run this router, but I am not sure that I understand
> their reasons because they sounded like so much double-talk.

I also get suspicious at large amounts of hand-waving. Hopefully my explanation made sense, even if it isn't right. I'm sure if it's not right someone will correct me.

-- 
Jim Ockers (ockers@ockers.net)
Ask me about Linux!
Contact info: please see http://www.ockers.net/
Fight Spam! Join CAUCE (Coalition Against Unsolicited Commercial Email) at http://www.cauce.org/ .
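
Added example (not part of the original message, and not Cisco or CBOS code): a small parser for the PPPoE session-frame layering the reply describes, following RFC 2516, next to a plain bridged IPv4 frame, so the per-packet encapsulation cost is visible. The MAC addresses, session id and IP packet are constructed sample values, and the function names are hypothetical.

```python
import struct

ETH_IPV4, ETH_PPPOE_SESSION, PPP_IPV4 = 0x0800, 0x8864, 0x0021
# Constructed sample values: locally administered MACs and a stand-in IPv4 header.
DST, SRC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE_IP = bytes([0x45]) + bytes(19)

def build_frame(ip_packet: bytes, pppoe: bool, session_id: int = 0x0001) -> bytes:
    """Build an Ethernet frame carrying ip_packet, bridged or PPPoE-encapsulated."""
    if not pppoe:
        return DST + SRC + struct.pack("!H", ETH_IPV4) + ip_packet
    ppp = struct.pack("!H", PPP_IPV4) + ip_packet  # 2-byte PPP protocol field
    # PPPoE header: ver=1/type=1, code 0x00 (session data), session id, length
    hdr = struct.pack("!BBHH", 0x11, 0x00, session_id, len(ppp))
    return DST + SRC + struct.pack("!H", ETH_PPPOE_SESSION) + hdr + ppp

def parse_frame(frame: bytes) -> dict:
    """Return the encapsulation mode, header bytes before the IP packet, and the packet."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETH_IPV4:
        return {"mode": "bridged", "overhead": 14, "ip": frame[14:]}
    if ethertype != ETH_PPPOE_SESSION:
        raise ValueError(f"unhandled ethertype 0x{ethertype:04x}")
    if len(frame) < 22:
        raise ValueError("truncated PPPoE/PPP header")
    vertype, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if vertype != 0x11 or code != 0x00:
        raise ValueError("not a PPPoE session-data frame")
    ppp = frame[20:20 + length]  # the length field excludes any Ethernet padding
    if length < 2 or len(ppp) != length:
        raise ValueError("PPPoE length field does not match frame")
    if struct.unpack("!H", ppp[:2])[0] != PPP_IPV4:
        raise ValueError("PPP payload is not IPv4 (could be LCP, PAP/CHAP, ...)")
    return {"mode": "pppoe", "session_id": session_id,
            "overhead": 14 + 6 + 2, "ip": ppp[2:]}

if __name__ == "__main__":
    for mode in (False, True):
        info = parse_frame(build_frame(SAMPLE_IP, pppoe=mode))
        print(info["mode"], "header bytes before IP:", info["overhead"])
    # The 8 extra bytes are why PPPoE links carry a 1492-byte IP MTU
    # instead of Ethernet's 1500.
```

The IP packet is identical in both frames and nothing in the PPPoE or PPP headers encrypts it; the extra 8 bytes only add session framing.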