Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: FW: Worms versus Bots

  • From: Alexei Roudnev
  • Date: Fri May 07 01:08:57 2004

Any simple NAT (PNAT, to be correct) box decrease a chance of infection by
last worms to 0. Just 0.0000%.
O course, it does not protects very well from intentional attacks, and do
not protect against e-mail bombs and
java script exploints.

In reality, having WIN2K after NAT box 100% time connected to internet is
safer, than to have Windows with all patches
installed every day, directly connected. Reason is simple:
- when system after Win2K do not initiate internet connections, it is 100%
- when such system initiates internet connections, it expose only
client-side ports and is not volnurable to any scans etc;

So, I agree - NAT box is the very first _mandatiory_ thing at home; all
other (fiorewaall etc) are not necessary fro most homehouses at all (but
antiviruses are, if you have e-mail or use web).

> On Wed, 5 May 2004 wrote:
> > > (To deflect the inevitable "NAT is not a firewall" complaints, the box
> > is a
> > > stateful inspection firewall -- as all NAT boxes actually are).
> >
> > Hmmm, are you saying that the solution to many so-called
> > Internet security vulnerabilities is for people to
> > use an SI Firewall, aka Simple, Inexpensive Firewall,
> > aka Stateful Inspection Firewall?
> Its not a real solution, its just goes long way to reduce number of
> and how quickly some worms can spread (although NAT would have no efffect
> on spread of viruses by email so human factor is primary problem).
> > One wonders why the DSL/cable router manufacturers
> > haven't caught on to this idea before now.
> Its not manufacturers who did not caught up (in fact they did and offer
> very inexpensive personal dsl routers goes all the way to $20 range), its
> DSL providers who still offer free dsl modem (device at least twice more
> expensive then router) and free network card and complex and instructions
> on how to set this all up on each different type of pc. No clue at all
> that it would be only very marginally more expensive for them to integrate
> features of such small nat router into dsl modem and instead of offering
> PPPoverEthernet it could just offer NAT and DHCP and make it so much
> for many of those lusers with only light computer skills to set this all
> -- 
> William Leibzon
> Elan Networks

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.