FW: Worms versus Bots

william(at)elan.net william at elan.net
Wed May 5 12:53:23 UTC 2004


On Wed, 5 May 2004 Michael.Dillon at radianz.com wrote:

> > (To deflect the inevitable "NAT is not a firewall" complaints, the box 
> is a 
> > stateful inspection firewall -- as all NAT boxes actually are). 
> 
> Hmmm, are you saying that the solution to many so-called
> Internet security vulnerabilities is for people to
> use an SI Firewall, aka Simple, Inexpensive Firewall,
> aka Stateful Inspection Firewall?

Its not a real solution, its just goes long way to reduce number of infections
and how quickly some worms can spread (although NAT would have no efffect 
on spread of viruses by email so human factor is primary problem).

> One wonders why the DSL/cable router manufacturers
> haven't caught on to this idea before now.

Its not manufacturers who did not caught up (in fact they did and offer
very inexpensive personal dsl routers goes all the way to $20 range), its
DSL providers who still offer free dsl modem (device at least twice more
expensive then router) and free network card and complex and instructions 
on how to set this all up on each different type of pc. No clue at all
that it would be only very marginally more expensive for them to integrate
features of such small nat router into dsl modem and instead of offering
PPPoverEthernet it could just offer NAT and DHCP and make it so much simpler
for many of those lusers with only light computer skills to set this all up.

-- 
William Leibzon
Elan Networks
william at elan.net




More information about the NANOG mailing list