From: Alexei Roudnev (no email)
Date: Fri May 07 2004 - 13:43:11 EDT
Nothing (except a good spanking -:)) can help in such case. We are not
talking about static NAT and inbound connections.
I told about dynamic PNAT _only_.
>
> Once upon a time, Alexei Roudnev <> said:
> > Any simple NAT (PNAT, to be correct) box decrease a chance of infection
by
> > last worms to 0. Just 0.0000%.
>
> The problem is that Joe User (or his kid) wants to run some random P2P
> program without having to reconfigure NAT port mappings, so they have
> all inbound connections mapped to a static internal IP. When the worms
> come knocking, the connections go right through and the static IP system
> gets infected, which then infects the Mom's computer, etc.; then you
> have 2+ times as much worm traffic sourced from that single public IP
> because there are multiple computers scanning.
>
> NAT does help if you just put necessary port mappings in place (and only
> for "secure" protocols).
> --
> Chris Adams <>
> Systems and Network Administrator - HiWAAY Internet Services
> I don't speak for anybody but myself - that's enough trouble.
|
|
|