nanog mailing list archives
Re: FW: Worms versus Bots
From: Chris Adams <cmadams () hiwaay net>
Date: Fri, 7 May 2004 09:45:36 -0500
Once upon a time, Alexei Roudnev <alex () relcom net> said:
Any simple NAT (PNAT, to be correct) box decrease a chance of infection by last worms to 0. Just 0.0000%.
The problem is that Joe User (or his kid) wants to run some random P2P program without having to reconfigure NAT port mappings, so they have all inbound connections mapped to a static internal IP. When the worms come knocking, the connections go right through and the static IP system gets infected, which then infects the Mom's computer, etc.; then you have 2+ times as much worm traffic sourced from that single public IP because there are multiple computers scanning. NAT does help if you just put necessary port mappings in place (and only for "secure" protocols). -- Chris Adams <cmadams () hiwaay net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Current thread:
- Re: Worms versus Bots, (continued)
- Re: Worms versus Bots Rick Ernst (May 11)
- RE: Worms versus Bots Eric Krichbaum (May 04)
- RE: FW: Worms versus Bots Smith, Donald (May 04)
- RE: FW: Worms versus Bots Sean Donelan (May 04)
- RE: FW: Worms versus Bots Daniel Senie (May 04)
- RE: FW: Worms versus Bots Michael . Dillon (May 05)
- RE: FW: Worms versus Bots william(at)elan.net (May 05)
- Re: Worms versus Bots Matthew Crocker (May 05)
- Re: FW: Worms versus Bots Robert E. Seastrom (May 05)
- Re: FW: Worms versus Bots Alexei Roudnev (May 06)
- Re: FW: Worms versus Bots Chris Adams (May 07)
- Re: FW: Worms versus Bots Jeff Shultz (May 07)
- Re: FW: Worms versus Bots Alexei Roudnev (May 07)
- RE: FW: Worms versus Bots Sean Donelan (May 04)
- Message not available
- RE: FW: Worms versus Bots Daniel Senie (May 04)
- RE: FW: Worms versus Bots Rob Nelson (May 04)
- Re: Worms versus Bots Iljitsch van Beijnum (May 06)
- Re: Worms versus Bots Valdis . Kletnieks (May 06)