|
Do you have evidence that the bot nets are set up in that way? Their report contained a couple of interesting paragraphs on DHCP and NAT : The DHCP effect: As we discussed, during our ten days of monitoring, we observed 182,800 bots. In contrast, during the same time, 1,247,642 unique IP addresses contacted our server. By looking at the IP addresses in the Torpig headers we are able to determine that 144,236 (78.9%) of the infected machines were behind a NAT, VPN, proxy, or firewall. We identified these hosts by using the non-publicly routable IP addresses listed in RFC 1918: 10/8, 192.168/16, and 172.16-172.31/16. We observed 9,336 distinct bots for 2,753 IP addresses from these infected machines on private networks. Therefore, if the IP address count was used to determine the number of hosts it would underestimate the infection count by a factor of more than 3 times. |
All that could simply mean that there are millions of people out there who click on every p0rn site link they can find :)
After all, according to a Cisco mate of mine, p0rn accounts for the majority of internet traffic :) Same with emails. |
Originally Posted by IO540
(Post 6756009)
Malwarebytes also failed to see anything. In fact it has found nothing at all when I have run it - except in one case of a laptop on which it found 13 trojans :)
Were they infected while sitting there switched on, with nobody using them? How does one access a PC behind a NAT router, which has no open ports? And if you get through the router, the PC (assuming it is running windoze with the main patches applied) will still present the attacker with a login prompt, or the attacker will need login credentials if you are going in via a LAN. That's if the PC has been configured to ask for a login+password. If not, one important element of security has been lost. Let me give you one relevant example. The recent Anonymous attacks have been related to SQL injection hacks, where SQL servers have been exploited by sending malformed requests, leading to them coughing up things like passwords or other otherwise hidden documents. Now, consider a SQL server running on a PC (not an unknown phenomenon on a lot of PCs that otherwise don't need it), sat waiting for querying. It doesn't take too much of a leap of faith to see that if there was access to that server you could be susceptible to a security breach of the PC. Now what if you had access through NAT to the port? pretty easy to hack, huh? Especially if you remember that NAT holds the port open for a fair amount longer than it takes to transmit the data. Not too difficult to gain access in that regard, if the port's opened for some reason or another. |
Originally Posted by IO540
(Post 6756029)
After all, according to a Cisco mate of mine, p0rn accounts for the majority of internet traffic :)
Porn passed over as Web users become social: author | Reuters |
The time has come - update2
Indeed A.O, as the original poster on that thread and recipient of the advice from Mr Mike of Bracknell-world - I gave an update on the installation process and 4months later, can further report that everything has since run smoothly and efficiently and I can honestly recommend it.
DaveD |
Me, I just do what I'm told so I have a Mike from B set up on my new pc.
|
Ancient Observer,
Me, I just do what I'm told so I have a Mike from B set up on my new pc. |
| All times are GMT. The time now is 14:48. |
Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.