Re: Block all servers?

[Petri Helenius <pete () he iki fi>]

Terry Baranski wrote:

> That being said, NAT does break stuff and as has been mentioned,
> filtering is certainly possible without having to bring NAT into the
> mix.  Microsoft assures us that the Windows firewall will be enabled by
> default starting with WinXP patches early next year.  How easy will it
> be to turn it off?  Will a virus be able to do it for you?
>  
I would expect most new sophisticated trojans to include this 
functionality. Most home
users run their WinXP with "Local Administrator" rights anyway because 
othervise many
activities would be more complicated to accomplish. Many turn off AV 
products already.

I would also expect the sophisticated trojans to include NATPT like 
funcitionality when
it becomes neccessary to accumulate the needed number of zombies for 
effective
DDoS and other distruptive activities. We already see them utilizing the 
local
SMTP configuration on the machine to use the relays the user is supposed to.

The Road Ahead is to make DDoS and abuse mitigation more efficient
and put some real security into the application architechtures without 
making them unusable.

Pete


Pete