North American Network Operators Group

Re: FW: Worms versus Bots

  • From: Alexei Roudnev
  • Date: Fri May 07 13:45:18 2004

Nothing (except a good spanking -:)) can help in such a case. We are not
talking about static NAT and inbound connections.
I was talking about dynamic PNAT _only_.

>
> Once upon a time, Alexei Roudnev <alex@relcom.net> said:
> > Any simple NAT (PNAT, to be correct) box decreases the chance of infection
> > by the last worms to 0. Just 0.0000%.
>
> The problem is that Joe User (or his kid) wants to run some random P2P
> program without having to reconfigure NAT port mappings, so they have
> all inbound connections mapped to a static internal IP.  When the worms
> come knocking, the connections go right through and the static IP system
> gets infected, which then infects the Mom's computer, etc.; then you
> have 2+ times as much worm traffic sourced from that single public IP
> because there are multiple computers scanning.
>
> NAT does help if you just put necessary port mappings in place (and only
> for "secure" protocols).
> -- 
> Chris Adams <cmadams@hiwaay.net>
> Systems and Network Administrator - HiWAAY Internet Services
> I don't speak for anybody but myself - that's enough trouble.