North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: FW: Worms versus Bots
Nothing (except a good spanking -:)) can help in such case. We are not talking about static NAT and inbound connections. I told about dynamic PNAT _only_. > > Once upon a time, Alexei Roudnev <email@example.com> said: > > Any simple NAT (PNAT, to be correct) box decrease a chance of infection by > > last worms to 0. Just 0.0000%. > > The problem is that Joe User (or his kid) wants to run some random P2P > program without having to reconfigure NAT port mappings, so they have > all inbound connections mapped to a static internal IP. When the worms > come knocking, the connections go right through and the static IP system > gets infected, which then infects the Mom's computer, etc.; then you > have 2+ times as much worm traffic sourced from that single public IP > because there are multiple computers scanning. > > NAT does help if you just put necessary port mappings in place (and only > for "secure" protocols). > -- > Chris Adams <firstname.lastname@example.org> > Systems and Network Administrator - HiWAAY Internet Services > I don't speak for anybody but myself - that's enough trouble.