Anit-Virus help for all of us??????
Stephen J. Wilcox
steve at telecomplete.co.uk
Mon Nov 24 21:50:48 UTC 2003
On Mon, 24 Nov 2003, Gerardo Gregory wrote:
> > # Machine behind NAT while it is being updated
>
> NAT is not a security feature, neither does it provide any real
> security, just one to one translations. PAT fall into the same
> category. Just cause your broadband router (ahem, switch) vendor states
> that NAT (in reality PAT) as one of their security 'knobs' does not make
> it in any way a security feature when implemented. Only thing that
> might benefit is IPv4 address space.
>
> Make a NAT Translation to a workstation (nothing else) and see if you
> can still carryout some of the exploits making the rounds.
Nor does it stop the user inviting an exploit to run on their PC, eg web
download, email attachment.. based on seeing plenty of virused/exploited
machines at companies I've worked at which all had AV, FW, NAT etc they still
had the human factor who would override a warning because they got sent what
looks like a joke email with an attached .scr that later turns out to be a new
virus/worm..
Steve
More information about the NANOG
mailing list