For better or for worse...

by Anton Chuvakin

Related link: http://www.usatoday.com/money/industries/technology/2004-11-29-honeypot_x.htm



"While most break-in tries fail, an unprotected PC can get hijacked within minutes of accessing the Internet." So what? Everybody knows that :-) That is actually not the point of my blog entry. The interesting thing we observe in our Linux honeypots lately is that the time to compromise has dramatically *increased*. Skiddies used to "own" unsecured RedHat 7.1 in days; now the same thing will sit for months (same applies to newer Linux variants). Thus, I easily believed that "there were no successful compromises of the Macintosh, the Linspire or the two Windows XPs using firewalls", as the article says. Internet security for home users is actually THAT simple...

2 Comments

roger69
2004-11-30 14:45:23
Yep. NAT does help.
Of course the NATted boxes weren't compromised. That's because all of the automated attacks happening against the newly connected computers are looking for specific things, which aren't accessible from a default NAT router install.


There are all sorts of ways that a determined LIVE attacker could use to compromise your PC/Mac box while behind a NAT router, but let's face it: the number of determined LIVE attackers is pretty small compared to the number of automated attacks happening every minute.

jwenting
2004-11-30 22:45:59
Yep. NAT does help.
Well said.


Irrespective of the OS or hardware used on the machine itself, any protective measures at all will slow down an attacker.


And as attackers get dumber (the vast majority are script kiddies who know no more than to start their probing software and let it do its thing, then come back a few hours later to see the count of victims; the number of clever ones has likely gone down) the number of attackers with the capabilities to penetrate even the simplest protective measures is down.


Even now most exploits are learned of only because of the release of fixes that prevent them, a quite different situation from a few years ago.