North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: FW: Worms versus Bots
- From: Alexei Roudnev
- Date: Fri May 07 01:08:57 2004
Any simple NAT (PNAT, to be correct) box decrease a chance of infection by
last worms to 0. Just 0.0000%.
O course, it does not protects very well from intentional attacks, and do
not protect against e-mail bombs and
java script exploints.
In reality, having WIN2K after NAT box 100% time connected to internet is
safer, than to have Windows with all patches
installed every day, directly connected. Reason is simple:
- when system after Win2K do not initiate internet connections, it is 100%
- when such system initiates internet connections, it expose only
client-side ports and is not volnurable to any scans etc;
So, I agree - NAT box is the very first _mandatiory_ thing at home; all
other (fiorewaall etc) are not necessary fro most homehouses at all (but
antiviruses are, if you have e-mail or use web).
> On Wed, 5 May 2004 Michael.Dillon@radianz.com wrote:
> > > (To deflect the inevitable "NAT is not a firewall" complaints, the box
> > is a
> > > stateful inspection firewall -- as all NAT boxes actually are).
> > Hmmm, are you saying that the solution to many so-called
> > Internet security vulnerabilities is for people to
> > use an SI Firewall, aka Simple, Inexpensive Firewall,
> > aka Stateful Inspection Firewall?
> Its not a real solution, its just goes long way to reduce number of
> and how quickly some worms can spread (although NAT would have no efffect
> on spread of viruses by email so human factor is primary problem).
> > One wonders why the DSL/cable router manufacturers
> > haven't caught on to this idea before now.
> Its not manufacturers who did not caught up (in fact they did and offer
> very inexpensive personal dsl routers goes all the way to $20 range), its
> DSL providers who still offer free dsl modem (device at least twice more
> expensive then router) and free network card and complex and instructions
> on how to set this all up on each different type of pc. No clue at all
> that it would be only very marginally more expensive for them to integrate
> features of such small nat router into dsl modem and instead of offering
> PPPoverEthernet it could just offer NAT and DHCP and make it so much
> for many of those lusers with only light computer skills to set this all
> William Leibzon
> Elan Networks