Let's talk about yum and p2p in Fedora
Joe Zeff
joe at zeff.us
Mon Dec 27 23:56:00 UTC 2010
On 12/27/2010 03:16 PM, Marko Vojinovic wrote:
>
> Oh, but the scanner *will* get a response, that's the whole point of port-
> forwarding. A scanner sends out a bait, NAT forwards it to appropriate server,
> the server responds, NAT forwards the response back to the scanner.
>
Not if the router is set to drop any incoming packets on ports that
aren't forwarded, and that was what I was thinking of.
>
> If malware has infected one of your machines, it typically *will* initiate the
> connection (calling-home), and the NAT will do nothing to prevent
> communication in that case.
>
I simplified there a little. I was thinking that if the "mother ship"
gave out your IP to other infected boxes they wouldn't be able to
connect. Probably I should have been more specific. Thanx for bringing
it up.
>>
>> In your example above, what's the difference between scanning your NAT
>> box for open ports and having them forwarded by the NAT box to a box
>> on your internal network or scanning a publicly accessible box on your
>> internal network directly?
>>
Again, the router silently drops all attempts to connect to any port not
forwarded. Yes, your firewall should do the same thing and probably does.
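
The cases argued over in this thread, as an added example that is not part of the original post or of any router's actual code: a minimal model of a stateful NAT router with one port forward and a default-drop policy. The addresses, ports and the `NatRouter` class are constructed for illustration, and the model assumes the router filters inbound packets by remote address and port (not every consumer NAT does).

```python
from dataclasses import dataclass, field

# Constructed addresses and port map (documentation ranges), not from the thread.
WAN_IP = "203.0.113.10"
PORT_FORWARDS = {("tcp", 80): ("192.168.1.20", 80)}  # WAN port -> internal server


@dataclass
class NatRouter:
    """Minimal stateful NAT: port forwards, connection tracking, default drop."""
    forwards: dict
    next_port: int = 40000
    # (proto, wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
    conntrack: dict = field(default_factory=dict)

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """LAN host opens a connection; the router records it and masquerades."""
        wan_port = self.next_port
        self.next_port += 1
        self.conntrack[(proto, wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return wan_port

    def inbound(self, proto, remote_ip, remote_port, wan_port):
        """Decide what happens to a packet arriving on the WAN interface."""
        reply_to = self.conntrack.get((proto, wan_port, remote_ip, remote_port))
        if reply_to:
            return ("ESTABLISHED", reply_to)      # reply to a LAN-initiated flow
        target = self.forwards.get((proto, wan_port))
        if target:
            return ("FORWARD", target)            # scanner reaches the server
        return ("DROP", None)                     # silent drop, no response


def demo():
    r = NatRouter(dict(PORT_FORWARDS))
    results = {}
    # Scanner probes a forwarded port and a non-forwarded port.
    results["scan_80"] = r.inbound("tcp", "198.51.100.7", 51000, 80)
    results["scan_22"] = r.inbound("tcp", "198.51.100.7", 51001, 22)
    # Infected LAN host calls home; the reply is allowed back in.
    p = r.outbound("tcp", "192.168.1.50", 33000, "198.51.100.99", 443)
    results["callhome_reply"] = r.inbound("tcp", "198.51.100.99", 443, p)
    # A different host that was handed the WAN IP tries the same mapped port.
    results["peer"] = r.inbound("tcp", "198.51.100.123", 443, p)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15} -> {verdict}")
```

The forwarded port is exactly as exposed as a public server would be, and the outbound call-home passes; only unsolicited inbound traffic to non-forwarded ports is dropped.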