Just 12 minutes

[David H. Lipman]

|
| Thats like saying your house is burgal proof and inviting me to burgal
| it to prove you wrong.
|
| My IP address has been in my reply for the last ten years, and I have
| not suffered any infections really, one or two possible incidents but
| these were no doubt caused by my careless use of the internet or were
| merely over zealous antivirus software reports.
| I am sure there are many people using NAT routers who had serious problems
| with viruses. I certaintly have not and certaintly nothting that a NAT
| router would have
| prevented. I can guarantee you that.
|
| But anyway you have avoided the question as to how you are
| protected, asking me to prove you are not an adaquate answer, it
| suggests you don't know.
|
| All you router is doing is routing the traffic to your computer, it has no
| more
| idea whether that traffic is a 'virus' or not.
|
| Anyway there are a lot of 12 minutes in the time I have been connected to
| to the interenet, and I don't appear to have acquired my yearly alloction
| of 43,000 viruses, in fact I should be up to the 1/2 million mark my now!!
| Or maybe I have!! Maybe that is why my hard drive is nearly full :O)
|

I have posted numerous times about the use of FireWall appliance and NAT Routers. Find and
read them.

If you probe my IP you won't find out anything.
Why ?
Because the Router has ports specifically blocked and only on invites from the LAN side will
WAN access get through the WAN/LAN barrier. The Routers enforcement through simplistic
FireWall constructs and Network Address Translation is far superior then attempting to close
ports on nodes on the LAN side.

I look forward to seeing activity from NTL Internet Ltd.

 

[Lord Turkey Cough]

|
| Thats like saying your house is burgal proof and inviting me to burgal
| it to prove you wrong.
|
| My IP address has been in my reply for the last ten years, and I have
| not suffered any infections really, one or two possible incidents but
| these were no doubt caused by my careless use of the internet or were
| merely over zealous antivirus software reports.
| I am sure there are many people using NAT routers who had serious
problems
| with viruses. I certaintly have not and certaintly nothting that a NAT
| router would have
| prevented. I can guarantee you that.
|
| But anyway you have avoided the question as to how you are
| protected, asking me to prove you are not an adaquate answer, it
| suggests you don't know.
|
| All you router is doing is routing the traffic to your computer, it has
no
| more
| idea whether that traffic is a 'virus' or not.
|
| Anyway there are a lot of 12 minutes in the time I have been connected
to
| to the interenet, and I don't appear to have acquired my yearly
alloction
| of 43,000 viruses, in fact I should be up to the 1/2 million mark my
now!!
| Or maybe I have!! Maybe that is why my hard drive is nearly full :O)
|

I have posted numerous times about the use of FireWall appliance and NAT
Routers. Find and
read them.

If you probe my IP you won't find out anything.
Why ?

Computer off line due to a virus infection?

Because the Router has ports specifically blocked

However without some open ports you cannot use the internet.

and only on invites from the LAN side will
WAN access get through the WAN/LAN barrier. The Routers enforcement
through simplistic
FireWall constructs and Network Address Translation is far superior then
attempting to close
ports on nodes on the LAN side.

No it is effecively the same thing.

I look forward to seeing activity from NTL Internet Ltd.

Either that or an annomouuus proxy anyway.

Anyway I am not a hacker so it is pointless asking me to hack you,
so if you want to be tested you better ask more widely, prehaps in a
'hackers'
group and see how you get on.

Or you could go to one of many sites which will test you open ports.
I have just had all my 'ports tested' and I passed with flying colours.
Perhaps you would like to give it a try too???

https://www.grc.com/x/ne.dll?bh0bkyd2

So..... what extra is a router going to offer me? (Apart from extra cost).

Of course you need to test you router is secure too ;O)

Some what more difficult me thinks :O|

 

[Lord Turkey Cough]

Worms that spread by taking advantage of exploits in software listening to
tcp/udp ports are blocked by the router.


When you use a properly configured router, all incoming traffic is
blocked,
unless it's in response to an outgoing packet.

Ah so its the same as my computer then!! Interestinig!!

The router has to be configured,
to allow traffic for the ports where you do want incoming traffic, to be
allowed.

Bit like my comp :O)

For example, if you are running an http server, you would have to setup
the
router to forward all data coming in to port 80, to forward it to the
computer with the server running.

Your web browser will still work, because it is initiating the connection,
by sending a tcp syn packet, that the router will allow responses to.

You'll still have to keep your software, that accesses the internet
updated,
but you no longer have to worry about printer&file sharing, for example.

You can think of the nat router, as a hardware firewall, for incoming
traffic. Like the windows firewall, it does nothing to help with
connections
established by software, on your computer.

I have had my securirty tested and passed with flying colours, I don't
use windows firewall I use another. I would sooner but my balls into
the mouth of a rotweiller than use a windows product for security.
And no I am not into beatiality.

AS far as I can see a router offers me nowt, infact I think relying on one
for security is the height of folly.

 

[David W. Hodgins]

However without some open ports you cannot use the internet.

This is not correct. Open ports are used by servers, to allow clients
to establish a connection. If you are not running any servers, that
you want to have accessible, from the internet, then you do not need
any open incoming ports. Incoming traffic will still be allowed, but
only when it is in response to outgoing traffic. For most home computers,
the only case where an open incoming port is usually needed, is for p2p
software.

Regards, Dave Hodgins

 

[David W. Hodgins]

I have had my securirty tested and passed with flying colours, I don't
use windows firewall I use another. I would sooner but my balls into
the mouth of a rotweiller than use a windows product for security.
And no I am not into beatiality.

Lol. At least we agree on something . I use linux, and only run M$
in a virtual box, where it's protected by the linux firewall.

AS far as I can see a router offers me nowt, infact I think relying on one
for security is the height of folly.

It's another layer of security. Firewalls have been found to have security
holes, in the past. Using the router stops the packets from even hitting
your computer, unless they're coming from an infected computer connected
to the same router.

Regards, Dave Hodgins

 

[Lord Turkey Cough]

This is not correct.

Yes it is unless you just want to send data, which is rather pointless
inmost instances.

Open ports are used by servers, to allow clients
to establish a connection.

And by other programs to communicate.

If you are not running any servers, that
you want to have accessible, from the internet, then you do not need
any open incoming ports.

Except for programs which need to accept data.

Incoming traffic will still be allowed, but
only when it is in response to outgoing traffic.

Yes.....you're getting there....

For most home computers,
the only case where an open incoming port is usually needed, is for p2p
software.

Exactly. Any your firewall will take care of that.

Unless it is a hardware router with an exploit in in which cannot be fixed
by an uupdate, such as NAT router

Regards, Dave Hodgins

Doesn't yur NAT router take care of that :O)

 

[David W. Hodgins]

Exactly. Any your firewall will take care of that.

Having a nat router is an extra layer of security. If your firewall has an
exploit, the router can protect it. If the router has an exploit, the firewall
will protect your computer.

Doesn't yur NAT router take care of that :O)

Heh. heh. The swen email worm made me do that, as it was filling my inbox at
my isp in less than two hours, till I started running my computer 24/7 with a
filter to id and delete the worms, without having to download them. I couldn't
download them as fast at they were arriving at my isp, at the time. Prior to
that I did not filter email at all, and used the arriving spam and viruses to
analyze them and report back to the senders isp. While the swen email worm
is very rare now, I figure it's only a matter of time till another worm uses
a similar method.

Regards, Dave Hodgins

 

[James Egan]

Heh. heh. The swen email worm made me do that, as it was filling my inbox at
my isp in less than two hours, till I started running my computer 24/7 with a
filter to id and delete the worms, without having to download them. I couldn't
download them as fast at they were arriving at my isp, at the time.

It's ironic that the vx purists who used to post to acv thought
conciseness of code to be of real importance yet swen caused a major
headache not because of its exceptional coding but because of its
bulk.

I think a lot of people got email accounts with server side filtering
after that. Often at an extra cost


Jim.

 

[Kerry Brown]

Do you really believe this? I think you are deluding yourself here.
I don't really see what protection your router is giving you.
Would you care to explain how it protects you?
Explaintions such as "Well I am using a NAT router" don't really qualify
as the
arguement is kind of circular."

In the context of the OP a NAT router will mitigate the threats. The
question was about exposing an unpatched version of XP directly to the
Internet. There are worms that will take advantage of a system in this
state. A NAT router is adequate to stop these threats while you download and
install the needed updates. If you plan on surfing to porn and warez sites
then probably nothing is adequate.

 

[David H. Lipman]

From: "Lord Turkey Cough" <[email protected]>

I stated...
"If you probe my IP you won't find out anything."

You eplied...
"Computer off line due to a virus infection?"

Not even close. It is because my Router is locked down, wob't respond to 'pings', Telnet,
TFTP or other atempts at communication. When you see the WAN address you can't see the
non-routable private address scheme of 192.168.x.y and the Router will NOT translate that
WAN to LAN address from the POV of the Internet.

Your conclusions in this thread are faulty to say the least and I am not going to hash and
rehash answers to try to convince you otherwise.

Please take the time to research this subject matter. If you do you will learn that due to
simplistic FireWall constructs found in NAT Routers and specifically Network address
Translation nodes from the POV of the Internet can not simply access nodes on the LAN side.
Additionally you will learn the software based FireWalls are placebos when compared to an PC
(even with open ports) that are behind a NAT Router or a Router with a full FireWall
implementation.

 

[Lord Turkey Cough]

From: "Lord Turkey Cough" <[email protected]>

I stated...
"If you probe my IP you won't find out anything."

You eplied...
"Computer off line due to a virus infection?"

Not even close. It is because my Router is locked down, wob't respond to
'pings', Telnet,
TFTP or other atempts at communication.

How quaint, neither will mine.
If fact you will find it hard to find a computer at my IP adress at all.

When you see the WAN address you can't see the
non-routable private address scheme of 192.168.x.y and the Router will NOT
translate that
WAN to LAN address from the POV of the Internet.

Your conclusions in this thread are faulty to say the least and I am not
going to hash and
rehash answers to try to convince you otherwise.

Better no do cos you will look very silly when I prove you wronog.

Please take the time to research this subject matter.

An ironic statement if ever iheard one.

If you do you will learn that due to
simplistic FireWall constructs found in NAT Routers and specifically
Network address
Translation nodes from the POV of the Internet can not simply access nodes
on the LAN side.
Additionally you will learn the software based FireWalls are placebos when
compared to an PC
(even with open ports) that are behind a NAT Router or a Router with a
full FireWall
implementation.

Largly piffle.
Do some real resaerch instad of parroting something you found on the the net
or repeatiing a salesmans prattle

 

[Ant]

LOL yes as long as your are not connected to the internet which kind of
defeats the object.

Read the original question again.

Why not get well protected and unplug your modem etc???

Read my other post in this thread.

You have gazillions of other software acessing the interenet when you
you do use the internet that can be infected.

No I don't. Those that do are configured properly.

You are just bocking one hole in a culander. Rather pointless.

I block other things too.

 

[Lord Turkey Cough]

Read the original question again.

REad my posts gain.

Read my other post in this thread.

REad my previous posts first.

No I don't. Those that do are configured properly.


I block other things too.

Your intelligene apparently?

 

[David H. Lipman]

From: "Lord Turkey Cough" <[email protected]>

|
|
| How quaint, neither will mine.
| If fact you will find it hard to find a computer at my IP adress at all.
||
| Better no do cos you will look very silly when I prove you wronog.
||
| An ironic statement if ever iheard one.
||
| Largly piffle.
| Do some real resaerch instad of parroting something you found on the the net
| or repeatiing a salesmans prattle
|

< plonk >

 

[Lord Turkey Cough]

From: "Lord Turkey Cough" <[email protected]>

|

|
| How quaint, neither will mine.
| If fact you will find it hard to find a computer at my IP adress at all.
|
|
| Better no do cos you will look very silly when I prove you wronog.
|
|
| An ironic statement if ever iheard one.
|
|
| Largly piffle.
| Do some real resaerch instad of parroting something you found on the the
net
| or repeatiing a salesmans prattle
|

Ah running away when the going gets abit hot for you eh?
You still have no provided adaquate answers to my questions so that
is no surprise.
Were are the 48,000 virus infections I should be having, you didn't quite
manage to a address that one either, just concentrated on making
up as many acronymns as you can, oh and yes placeabos, how posh.

 

[Ant]

REad my posts gain.

No point. There was nothing of value there the first time. You're
obviously a newbie and a troll.

 

[Lord Turkey Cough]

No point. There was nothing of value there the first time. You're
obviously a newbie and a troll.

No quite the opposite, you are either an idiot or a troll, if I had
to put my money on either I think I would tend to go for the fromer
but it's obviously a tough call and chances are you are a bit of both.

 

[Virus Guy]

I'm sure many here are very familiar with the notion that there
is "a 50% chance of being infected by an internet worm in just
12 minutes of being online using an unprotected, unpatched
Windows PC."

You should qualify that statement.

It should read "unpatched Windows NT-based PC". As in Windows NT, 2K
or XP.

Windows 98/se, as installed using it's default installation settings,
is not (and was not) vulnerable to network-based exploits (worms
mostly) like NT, 2K and XP were, and for which the phrase "Internet
Survival Time" was coined for (google that phrase for more
background).

 

[David H. Lipman]

From: "Virus Guy" <[email protected]>


|
| You should qualify that statement.
|
| It should read "unpatched Windows NT-based PC". As in Windows NT, 2K
| or XP.
|
| Windows 98/se, as installed using it's default installation settings,
| is not (and was not) vulnerable to network-based exploits (worms
| mostly) like NT, 2K and XP were, and for which the phrase "Internet
| Survival Time" was coined for (google that phrase for more
| background).

Not 100% true.

For TCP ports 135 and 445 - yes.

However Win9x/ME was very vulnerable to worms using NetBIOS over IP as infection vectors.

The BugBear comes to mind as well as Baloon and Netlog worms.

 

[David H. Lipman]

From: "David H. Lipman" <[email protected]>


|
| Not 100% true.
|
| For TCP ports 135 and 445 - yes.
|
| However Win9x/ME was very vulnerable to worms using NetBIOS over IP as infection vectors.
|
| The BugBear comes to mind as well as Baloon and Netlog worms.
|

I believe early SDBot variants did as well. I f I remeber correctly they had a large list
of passwords they used to access NetBIOS over IP shares.