![nanog logo](/images/nanog-logo.png)
nanog mailing list archives
Re: Anit-Virus help for all of us??????
From: Gerardo Gregory <ggregory () affinitas net>
Date: Mon, 24 Nov 2003 15:20:59 -0600
Suresh Ramasubramanian wrote:
Valdis.Kletnieks () vt edu writes on 11/24/2003 3:43 PM:Question: What speed access is needed to guarantee "mean time to downloadpatches" is significantly less than "mean time to probed by packet-to-0wn" (significantly == 20x lower still gives a 5% chance of getting 0wned whilepatching)?That'd have to be very fast indeed, given that only one windows update mirror is used at a time, and patches are downloaded and applied in sequence.Two ways to get at least some safety - # Machine behind NAT while it is being updated
NAT is not a security feature, neither does it provide any real security, just one to one translations. PAT fall into the same category. Just cause your broadband router (ahem, switch) vendor states that NAT (in reality PAT) as one of their security 'knobs' does not make it in any way a security feature when implemented. Only thing that might benefit is IPv4 address space.
Make a NAT Translation to a workstation (nothing else) and see if you can still carryout some of the exploits making the rounds.
NAT and PAT do not prohibit any TCP/UDP connections to egress.Most broadband providers still perform a NAT translation downstream, is it helping alleviate any of the attacks/compromises? NOT!!!!!
# Patches preferably downloaded onto a CD and applied offline
I know Microsoft has a product that allows you to donwload patches to a centralized server (within your infrastructure) and let's you patch your internal systems from it. Heard our MS admins talking about it a while back....
-- Gerardo A. Gregory
Current thread:
- Re: Anit-Virus help for all of us??????, (continued)
- Re: Anit-Virus help for all of us?????? Suresh Ramasubramanian (Nov 24)
- Re: Anit-Virus help for all of us?????? Sean Donelan (Nov 24)
- Re: Anit-Virus help for all of us?????? Ryan Dobrynski (Nov 25)
- RE: Anit-Virus help for all of us?????? Vivien M. (Nov 25)
- RE: Anit-Virus help for all of us?????? Wojtek Zlobicki (Nov 25)
- Re: Anit-Virus help for all of us?????? Valdis . Kletnieks (Nov 25)
- Re: Anit-Virus help for all of us?????? Petri Helenius (Nov 24)
- Re: Anit-Virus help for all of us?????? Valdis . Kletnieks (Nov 24)
- Re: Anit-Virus help for all of us?????? Petri Helenius (Nov 24)
- Re: Anit-Virus help for all of us?????? Suresh Ramasubramanian (Nov 24)
- Re: Anit-Virus help for all of us?????? Gerardo Gregory (Nov 24)
- Re: Anit-Virus help for all of us?????? Suresh Ramasubramanian (Nov 24)
- Re[2]: Anit-Virus help for all of us?????? Richard Welty (Nov 24)
- Re: Re[2]: Anit-Virus help for all of us?????? Alexei Roudnev (Nov 24)
- Re: Anit-Virus help for all of us?????? Valdis . Kletnieks (Nov 24)
- Re: Anit-Virus help for all of us?????? Gerardo Gregory (Nov 24)
- Re: Anit-Virus help for all of us?????? Scott Call (Nov 24)
- Re: Anit-Virus help for all of us?????? Stephen J. Wilcox (Nov 24)
- Re: Anit-Virus help for all of us?????? Valdis . Kletnieks (Nov 24)
- Re: Anit-Virus help for all of us?????? William Allen Simpson (Nov 24)
- Re: Anit-Virus help for all of us?????? Stephen J. Wilcox (Nov 25)