Recommended security add-ons

Old 17th Oct 2011, 15:45  #21
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes on 0 Posts
Do you have evidence that the bot nets are set up in that way?
Researchers from UC-Santa Barbara took over the Torpig Botnet for 10 days.

Their report contained a couple of interesting paragraphs on DHCP and NAT :

The DHCP effect:

As we discussed, during our ten days of monitoring, we observed 182,800 bots. In contrast, during the same time, 1,247,642 unique IP addresses contacted our server.
The NAT effect:

By looking at the IP addresses in the Torpig headers we are able to determine that 144,236 (78.9%) of the infected machines were behind a NAT, VPN, proxy, or firewall. We identified these hosts by using the non-publicly routable IP addresses listed in RFC 1918: 10/8, 192.168/16, and 172.16-172.31/16. We observed 9,336 distinct bots for 2,753 IP addresses from these infected machines on private networks. Therefore, if the IP address count was used to determine the number of hosts it would underestimate the infection count by a factor of more than 3 times.
mixture is offline  
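A worked illustration of the counting the report describes, added here and not part of the post or of the UCSB paper: it classifies the address each bot reports against the three RFC 1918 blocks and shows, on a constructed sample, why counting unique IP addresses undercounts hosts behind NAT and overcounts after DHCP changes. Bot ids and addresses are invented; the public ones are from documentation ranges.

```python
import ipaddress
from collections import namedtuple

# The three RFC 1918 blocks the report lists (172.16-172.31/16 is 172.16.0.0/12).
# Spelled out rather than using ipaddress's is_private, which also matches
# loopback, link-local and other ranges the report does not count.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

Sighting = namedtuple("Sighting", "bot_id local_ip public_ip")

# Constructed sample: (bot id, address the bot reports in its header,
# source address the collecting server saw).
SAMPLE = [
    Sighting("A", "192.168.1.10", "203.0.113.5"),
    Sighting("B", "192.168.1.11", "203.0.113.5"),   # same NAT as A
    Sighting("E", "192.168.1.12", "203.0.113.5"),   # same NAT as A
    Sighting("C", "10.0.0.7", "198.51.100.9"),
    Sighting("F", "10.0.0.8", "198.51.100.9"),      # same NAT as C
    Sighting("D", "203.0.113.77", "203.0.113.77"),  # directly connected host
    Sighting("D", "203.0.113.78", "203.0.113.78"),  # D again after a DHCP lease change
    Sighting("A", "192.168.1.10", "203.0.113.6"),   # A again, NAT's public address changed
]

def is_rfc1918(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def summarize(sightings):
    bots, public_ips, nat_bots, nat_public_ips = set(), set(), set(), set()
    for s in sightings:
        bots.add(s.bot_id)
        public_ips.add(s.public_ip)
        if is_rfc1918(s.local_ip):
            nat_bots.add(s.bot_id)
            nat_public_ips.add(s.public_ip)
    return {
        "bots": len(bots),                 # distinct infected machines (by bot id)
        "unique_ips": len(public_ips),     # what a pure IP count would report
        "nat_bots": len(nat_bots),
        "nat_ips": len(nat_public_ips),
        "nat_fraction": len(nat_bots) / len(bots),
        "bots_per_nat_ip": len(nat_bots) / len(nat_public_ips),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

On the sample, 6 machines show up as 5 unique addresses overall, while the 5 machines behind NAT share only 3 public addresses.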
Old 17th Oct 2011, 15:53  #22
Join Date: Jun 2003
Location: EuroGA.org
Posts: 13,787
Likes: 0
Received 0 Likes on 0 Posts
All that could simply mean that there are millions of people out there who click on every p0rn site link they can find

After all, according to a Cisco mate of mine, p0rn accounts for the majority of internet traffic

Same with emails.
IO540 is offline  
Old 17th Oct 2011, 16:33  #23
Join Date: Jan 2008
Location: Bracknell, Berks, UK
Age: 52
Posts: 1,133
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by IO540
Malwarebytes also failed to see anything. In fact it has found nothing at all when I have run it - except in one case of a laptop on which it found 13 trojans
This is why you need to run Malwarebytes via safe mode with command prompt. Because in the vast majority of recent viruses the main method of defence employed by the virus has been to 'hide' itself from whatever AV you're using at the time... and this is hooked into explorer.exe. The ONLY version of booting Windows which doesn't invoke explorer.exe is safe mode with command prompt (and then manually navigating to, and executing, mbam.exe). I've had machines which say "0 files infected" when booted normally, which then say "100 files infected" in safe mode with command prompt.

Were they infected while sitting there switched on, with nobody using them?
Not recently, but then recently things have got better with patching, firewalls, AV readily available. In the past, yes.

How does one access a PC behind a NAT router, which has no open ports?
Initially, you spoof the source address or run a man-in-the-middle attack.

And if you get through the router, the PC (assuming it is running windoze with the main patches applied) will still present the attacker with a login prompt, or the attacker will need login credentials if you are going in via a LAN. That's if the PC has been configured to ask for a login+password. If not, one important element of security has been lost.
You assume that all inter-process communication is password protected. And/or that hackers intend to use things like CIFS shares for access?

Let me give you one relevant example. The recent Anonymous attacks have been related to SQL injection hacks, where SQL servers have been exploited by sending malformed requests, leading to them coughing up things like passwords or other otherwise hidden documents. Now, consider a SQL server running on a PC (not an unknown phenomenon on a lot of PCs that otherwise don't need it), sat waiting for querying. It doesn't take too much of a leap of faith to see that if there was access to that server you could be susceptible to a security breach of the PC. Now what if you had access through NAT to the port? Pretty easy to hack, huh? Especially if you remember that NAT holds the port open for a fair amount longer than it takes to transmit the data. Not too difficult to gain access in that regard, if the port's opened for some reason or another.
Mike-Bracknell is offline  
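The failure mode Mike-Bracknell refers to, added here as an example that is not part of the thread: a lookup that splices the request text into its SQL returns rows it should not, while the parameterised form of the same lookup does not. It uses an in-memory SQLite table with invented users and placeholder hashes.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """In-memory table with constructed users; pw_hash stands in for a real hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-a"), ("bob", "hash-b")])
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, name: str):
    # Request text is concatenated into the statement, so quoting characters
    # in the request change the query's logic instead of being treated as data.
    sql = "SELECT name, pw_hash FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn: sqlite3.Connection, name: str):
    # Parameter binding: the driver passes the value separately from the SQL,
    # so it can only ever be compared against name, never alter the WHERE clause.
    return conn.execute("SELECT name, pw_hash FROM users WHERE name = ?", (name,)).fetchall()

# A malformed request of the kind the post describes (constructed).
MALFORMED = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, MALFORMED))  # every row, hashes included
    print("safe:      ", lookup_safe(db, MALFORMED))        # []
```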
Old 17th Oct 2011, 16:36  #24
Join Date: Jan 2008
Location: Bracknell, Berks, UK
Age: 52
Posts: 1,133
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by IO540
After all, according to a Cisco mate of mine, p0rn accounts for the majority of internet traffic
Your Cisco mate needs to update his/her knowledge:

Porn passed over as Web users become social: author | Reuters
Mike-Bracknell is offline  
Old 23rd Oct 2011, 15:25  #25
Join Date: Mar 2008
Location: France
Age: 80
Posts: 70
Likes: 0
Received 0 Likes on 0 Posts
The time has come - update2

Indeed A.O, as the original poster on that thread and recipient of the advice from Mr Mike of Bracknell-world, I gave an update on the installation process and, 4 months later, can further report that everything has since run smoothly and efficiently and I can honestly recommend it.
DaveD
daved123 is offline  
Old 23rd Oct 2011, 17:33  #26
Join Date: Aug 2006
Location: Lemonia. Best Greek in the world
Posts: 1,759
Received 6 Likes on 3 Posts
Me, I just do what I'm told so I have a Mike from B set up on my new pc.
Ancient Observer is offline  
Old 23rd Oct 2011, 21:45  #27
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes on 0 Posts
Ancient Observer,

Me, I just do what I'm told so I have a Mike from B set up on my new pc.
Yeah, he's one of those rare few good things to have emerged from Bracknell in the past millennium.
mixture is offline  
