Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: FW: Worms versus Bots

  • From: Chris Adams
  • Date: Fri May 07 10:50:04 2004

Once upon a time, Alexei Roudnev <alex@relcom.net> said:
> Any simple NAT (PNAT, to be correct) box decrease a chance of infection by
> last worms to 0. Just 0.0000%.

The problem is that Joe User (or his kid) wants to run some random P2P
program without having to reconfigure NAT port mappings, so they have
all inbound connections mapped to a static internal IP.  When the worms
come knocking, the connections go right through and the static IP system
gets infected, which then infects the Mom's computer, etc.; then you
have 2+ times as much worm traffic sourced from that single public IP
because there are multiple computers scanning.

NAT does help if you just put necessary port mappings in place (and only
for "secure" protocols).
-- 
Chris Adams <cmadams@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.