[70292] in North American Network Operators' Group
Re: FW: Worms versus Bots
daemon@ATHENA.MIT.EDU (Chris Adams)
Fri May 7 10:46:59 2004
Date: Fri, 7 May 2004 09:45:36 -0500
From: Chris Adams <cmadams@hiwaay.net>
To: nanog@merit.edu
Mail-Followup-To: Chris Adams <cmadams@hiwaay.net>, nanog@merit.edu
In-Reply-To: <00b701c433f1$02f5bad0$6401a8c0@alexh>
Errors-To: owner-nanog-outgoing@merit.edu
Once upon a time, Alexei Roudnev <alex@relcom.net> said:
> Any simple NAT (PNAT, to be correct) box decrease a chance of infection by
> last worms to 0. Just 0.0000%.
The problem is that Joe User (or his kid) wants to run some random P2P
program without having to reconfigure NAT port mappings, so they have
all inbound connections mapped to a static internal IP. When the worms
come knocking, the connections go right through and the static IP system
gets infected, which then infects the Mom's computer, etc.; then you
have 2+ times as much worm traffic sourced from that single public IP
because there are multiple computers scanning.
NAT does help if you just put necessary port mappings in place (and only
for "secure" protocols).
--
Chris Adams <cmadams@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
