[70353] in North American Network Operators' Group
Re: Worms versus Bots
daemon@ATHENA.MIT.EDU (Rick Ernst)
Tue May 11 13:12:18 2004
Date: Tue, 11 May 2004 09:55:05 -0700 (PDT)
From: Rick Ernst <erond@legendz.com>
To: Chris Woodfield <rekoil@semihuman.com>
Cc: nanog@merit.edu
In-Reply-To: <20040511164131.GD5194@semihuman.com>
Errors-To: owner-nanog-outgoing@merit.edu
While following the thread, I did a bit of Googling, then browsing 3Com's
site:
http://www.3com.com/products/en_US/detail.jsp?tab=features&pathtype=purchase&sku=3CRFW200B
On-NIC firewall w/remote management.
On Tue, 11 May 2004, Chris Woodfield wrote:
:>Simple solution...build the on-NIC firewall to not use uPnP, or at least require
:>a password before changing rulesets. :)
:>
:>Seriously, this is such a stupidly simple solution that I'm amazed no one's attempted
:>to make a product out of it yet.
:>
:>-C
:>
:>On Tue, May 11, 2004 at 12:21:29PM -0400, Valdis.Kletnieks@vt.edu wrote:
:>> On Tue, 11 May 2004 11:38:33 EDT, Chris Woodfield said:
:>>
:>> > A better solution would be a NIC with a built-in SI firewall...manageable from a host
:>> > app, but physically separate from the OS running on the PC.
:>>
:>> Gaak. No. ;)
:>>
:>> What's the point of a firewall, if the first piece of malware that does manage
:>> to sneak in (via a file-sharing program, or a webpage that installs malware, or
:>> an "ooh! Shiny!" email attachment) just does the network Plug-N-Play call to
:>> tell the firewall "Shield DOWN!"?
:>>
:>
:>
:>
