Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Re: FW: Worms versus Bots

  • From: Jeff Shultz
  • Date: Fri May 07 11:45:21 2004

** Reply to message from Chris Adams <cmadams@hiwaay.net> on Fri, 7 May
2004 09:45:36 -0500

> Once upon a time, Alexei Roudnev <alex@relcom.net> said:
> > Any simple NAT (PNAT, to be correct) box decreases the chance of infection by
> > last worms to 0. Just 0.0000%.
> 
> The problem is that Joe User (or his kid) wants to run some random P2P
> program without having to reconfigure NAT port mappings, so they have
> all inbound connections mapped to a static internal IP.  When the worms
> come knocking, the connections go right through and the static IP system
> gets infected, which then infects the Mom's computer, etc.; then you
> have 2+ times as much worm traffic sourced from that single public IP
> because there are multiple computers scanning.

If Joe (L)User or his kid sets up his NAT that way... well, quite
honestly he gets what he deserves. Protecting against active,
deliberate stupidity is probably more than my job description covers. I
do get paid to clean up the mess afterwards, however. And in at least
one case I have set it up for a customer so that they are behind a NAT
that they can't reconfigure - 3 strikes and I was out of patience.

But I suggest that in my experience the above sort of thing is
relatively rare. 

> 
> NAT does help if you just put necessary port mappings in place (and only
> for "secure" protocols).

I don't know about that last part - do you consider http and ftp to be
secure protocols?

-- 
Jeff Shultz
A railfan pulls up to a grade crossing hoping that
there will be a train. 
