[70297] in North American Network Operators' Group
Re: FW: Worms versus Bots
daemon@ATHENA.MIT.EDU (Alexei Roudnev)
Fri May 7 13:43:50 2004
From: "Alexei Roudnev" <alex@relcom.net>
To: "Chris Adams" <cmadams@hiwaay.net>, <nanog@merit.edu>
Date: Fri, 7 May 2004 10:43:11 -0700
Nothing (except a good spanking -:)) can help in such a case. We are not
talking about static NAT and inbound connections.
I was talking about dynamic PNAT _only_.
>
> Once upon a time, Alexei Roudnev <alex@relcom.net> said:
> > Any simple NAT (PNAT, to be correct) box decreases the chance of infection
> > by the last worms to 0. Just 0.0000%.
>
> The problem is that Joe User (or his kid) wants to run some random P2P
> program without having to reconfigure NAT port mappings, so they have
> all inbound connections mapped to a static internal IP. When the worms
> come knocking, the connections go right through and the static IP system
> gets infected, which then infects the Mom's computer, etc.; then you
> have 2+ times as much worm traffic sourced from that single public IP
> because there are multiple computers scanning.
>
> NAT does help if you just put necessary port mappings in place (and only
> for "secure" protocols).
> --
> Chris Adams <cmadams@hiwaay.net>
> Systems and Network Administrator - HiWAAY Internet Services
> I don't speak for anybody but myself - that's enough trouble.