North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: FW: Worms versus Bots
Any simple NAT (PNAT, to be correct) box decrease a chance of infection by last worms to 0. Just 0.0000%. O course, it does not protects very well from intentional attacks, and do not protect against e-mail bombs and java script exploints. In reality, having WIN2K after NAT box 100% time connected to internet is safer, than to have Windows with all patches installed every day, directly connected. Reason is simple: - when system after Win2K do not initiate internet connections, it is 100% safe; - when such system initiates internet connections, it expose only client-side ports and is not volnurable to any scans etc; So, I agree - NAT box is the very first _mandatiory_ thing at home; all other (fiorewaall etc) are not necessary fro most homehouses at all (but antiviruses are, if you have e-mail or use web). > > > On Wed, 5 May 2004 [email protected] wrote: > > > > (To deflect the inevitable "NAT is not a firewall" complaints, the box > > is a > > > stateful inspection firewall -- as all NAT boxes actually are). > > > > Hmmm, are you saying that the solution to many so-called > > Internet security vulnerabilities is for people to > > use an SI Firewall, aka Simple, Inexpensive Firewall, > > aka Stateful Inspection Firewall? > > Its not a real solution, its just goes long way to reduce number of infections > and how quickly some worms can spread (although NAT would have no efffect > on spread of viruses by email so human factor is primary problem). > > > One wonders why the DSL/cable router manufacturers > > haven't caught on to this idea before now. > > Its not manufacturers who did not caught up (in fact they did and offer > very inexpensive personal dsl routers goes all the way to $20 range), its > DSL providers who still offer free dsl modem (device at least twice more > expensive then router) and free network card and complex and instructions > on how to set this all up on each different type of pc. No clue at all > that it would be only very marginally more expensive for them to integrate > features of such small nat router into dsl modem and instead of offering > PPPoverEthernet it could just offer NAT and DHCP and make it so much simpler > for many of those lusers with only light computer skills to set this all up. > > -- > William Leibzon > Elan Networks > [email protected] >
|