RebateMonger
Elite Member
- Dec 24, 2005
- 11,588
- 0
- 0
Call me old fashioned, but I'll stick my neck out here and state that simply having NAT turned on, and NO ports being forwarded, is actually a pretty good defense against worms.
Yes, I've had respected security gurus tell me that NAT is NOT a firewall. OK. I'll agree with that. But a simple NAT router, even today, appears to be plenty to stop those nasty worms floating around on the Internet. It's tough to attack a port if that port isn't connected to anything (i.e. no Port Forwarding enabled on the router).
Yes, there are some attacks that can get to a NAT router (like SYN flooding). But those aren't your typical worm attack methods. They're more of a DDOS attack technique. And it's tough to find even the simplest router that doesn't include Stateful Packet Inspection, that will protect against many of these kind of attacks.
Yes, I've had respected security gurus tell me that NAT is NOT a firewall. OK. I'll agree with that. But a simple NAT router, even today, appears to be plenty to stop those nasty worms floating around on the Internet. It's tough to attack a port if that port isn't connected to anything (i.e. no Port Forwarding enabled on the router).
Yes, there are some attacks that can get to a NAT router (like SYN flooding). But those aren't your typical worm attack methods. They're more of a DDOS attack technique. And it's tough to find even the simplest router that doesn't include Stateful Packet Inspection, that will protect against many of these kind of attacks.