Re: [fw-wiz] IPv6 support in firewalls

I feel I could have substantiated it a few years ago.

Example: I had built a Linux box for a network class
I was teaching at a local university, so I could show
them telnet, ssh, DNS, ftp, http, samba, etc.

I quickly (and stupidly (i.e. didn't harden it at all
and didn't put it behind a NAT device)) threw the box
together, and put it out on a routable IP address
outside my NAT device on my home network the morning
before the night class. Even before I made it
to class, it was owned (via an RPC hack). Had I put it
behind a NAT device, and only allowed those services
I wanted to access, I would bet that it wouldn't have
been owned in less than 12 hours.

It seems to me that those writing the mal-code are on
to the idea that NAT devices are in place more and more
often, so they aren't wasting time trying to get code
past them.

Stupid users who click on an unknown .exe are a good
enough vector to exploit, as you are seeing today...


On Monday, August 27, 2007 3:51 PM, Paul D. Robertson wrote:

At least with a NAT device (at this point in Internet history),
the home-user has a better chance of remaining "un-hacked"
than they would if they hooked their PC directly up to the
Internet w/o such a device.

Can you substantiate that? Because the vectors I'm seeing on home PCs
aren't traditional network worm vectors, they're Web and E-mail-based
malcode that gets in regardless of any NAT. All the network stuff I'm
seeing is connecting out (IRC, HTTP.)
firewall-wizards mailing list