Re: [fw-wiz] IPv6 support in firewalls



I feel I could have substantiated it a few years ago.

Example: I had built a linux box for a network class
I was teaching at a local university, so I could show
them telnet, ssh, DNS, ftp, http, samba, etc.

I quickly (and stupidly (i.e. didn't harden it at all
and didn't put it behind a NAT device)) threw the box
together, and put it out on a routable IP address
outside my NAT device on my home network the morning
before the night class. Before I even made it
to class, it was owned (via an RPC hack). Had I put it
behind a NAT device, and only allowed those services
I wanted to access, I would bet that it wouldn't have
been owned in less than 12 hours.

It seems to me that those writing the mal-code are on
to the idea that NAT devices are in place more and more
often, so they aren't wasting time trying to get code
past them.

Stupid users who click on an unknown .exe are a good
enough vector to exploit, as you are seeing today...

Jeff

On Monday, August 27, 2007 3:51 PM, Paul D. Robertson wrote:

At least with a NAT device (at this point in Internet history),
the home-user has a better chance of remaining "un-hacked"
than they would if they hooked their PC directly up to the
Internet w/o such a device.

Can you substantiate that? Because the vectors I'm seeing on home PCs
aren't traditional network worm vectors, they're Web and E-mail-based
malcode that gets in regardless of any NAT. All the network stuff I'm
seeing is connecting out (IRC, HTTP.)
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


