On 12/27/2010 03:16 PM, Marko Vojinovic wrote:
>
> Oh, but the scanner *will* get a response, that's the whole point of
> port-forwarding. A scanner sends out a bait, NAT forwards it to the
> appropriate server, the server responds, NAT forwards the response back
> to the scanner.
>
Not if the router is set to drop any incoming packets on ports that aren't
forwarded, and that was what I was thinking of.

>
> If malware has infected one of your machines, it typically *will* initiate
> the connection (calling-home), and the NAT will do nothing to prevent
> communication in that case.
>
I simplified there a little. I was thinking that if the "mother ship" gave
out your IP to other infected boxes they wouldn't be able to connect.
Probably I should have been more specific. Thanks for bringing it up.

>>
>> In your example above, what's the difference between scanning your NAT
>> box for open ports and having them forwarded by the NAT box to a box
>> on your internal network or scanning a publicly accessible box on your
>> internal network directly?
>>
Again, the router silently drops all attempts to connect to any port not
forwarded. Yes, your firewall should do the same thing and probably does.

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
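The three behaviours the exchange above turns on (an unsolicited probe to a non-forwarded port is silently dropped, a probe to a forwarded port does reach the internal host and so does get a response, and a connection opened from inside creates state that lets the remote side's replies back in) can be shown with a small stateful NAT model. This is an added illustration, not code from the thread or from any router; the addresses, ports and the `NatRouter` class are constructed for the example.

```python
"""Toy model of a home NAT router's forwarding decisions.

Constructed example for illustration. Unsolicited inbound packets are dropped
unless their destination port is explicitly forwarded; connections opened by
an internal host are recorded so the remote side's replies are translated
back in. The second rule is why NAT does nothing against "calling-home".
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False  # True for a connection-opening TCP SYN


class NatRouter:
    def __init__(self, public_ip, forwards):
        self.public_ip = public_ip
        # public port -> (internal ip, internal port), i.e. the port-forward table
        self.forwards = dict(forwards)
        # (remote ip, remote port, public port) -> (internal ip, internal port)
        self.conntrack = {}
        self._next_port = 40000  # hypothetical ephemeral-port allocator

    def outbound(self, pkt):
        """Internal host opens a connection: allocate a public port, record state."""
        pub_port = self._next_port
        self._next_port += 1
        self.conntrack[(pkt.dst_ip, pkt.dst_port, pub_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port, pkt.syn)

    def inbound(self, pkt):
        """Decide what happens to a packet arriving on the public side.

        Returns ("reply", translated) for a reply to an inside-initiated
        connection, ("forward", translated) for a forwarded port, or
        ("drop", None) for everything else: no RST and no ICMP go back,
        so a scanner sees the port as filtered rather than open or closed.
        """
        key = (pkt.src_ip, pkt.src_port, pkt.dst_port)
        if key in self.conntrack:
            ip, port = self.conntrack[key]
            return "reply", Packet(pkt.src_ip, pkt.src_port, ip, port, pkt.syn)
        if pkt.dst_port in self.forwards:
            ip, port = self.forwards[pkt.dst_port]
            return "forward", Packet(pkt.src_ip, pkt.src_port, ip, port, pkt.syn)
        return "drop", None


def demo():
    """Run the scenarios discussed in the thread; returns decision per scenario."""
    router = NatRouter("203.0.113.7", {22: ("192.168.1.10", 22)})
    scanner = "198.51.100.9"
    results = {}
    # 1. scanner probes a port that is not forwarded: silently dropped
    results["scan_unforwarded"] = router.inbound(
        Packet(scanner, 55555, "203.0.113.7", 445, syn=True))[0]
    # 2. scanner probes the forwarded SSH port: reaches the internal host,
    #    whose answer will be translated back, so the scanner gets a response
    results["scan_forwarded"] = router.inbound(
        Packet(scanner, 55556, "203.0.113.7", 22, syn=True))[0]
    # 3. an infected internal box calls home; the C2 server's reply is let in
    out = router.outbound(Packet("192.168.1.20", 51000, "192.0.2.44", 443, syn=True))
    c2_reply = Packet("192.0.2.44", 443, "203.0.113.7", out.src_port)
    results["c2_reply"] = router.inbound(c2_reply)[0]
    # 4. another infected box, told the public IP by the "mother ship", tries
    #    to connect in on a port that is neither forwarded nor in conntrack
    results["peer_connect"] = router.inbound(
        Packet("192.0.2.45", 6000, "203.0.113.7", 6000, syn=True))[0]
    return results


if __name__ == "__main__":
    for scenario, decision in demo().items():
        print(f"{scenario:18s} -> {decision}")
```

Scenarios 1 and 4 are the cases the reply is describing; scenario 2 is the case Marko is describing, and both are right about their respective cases. Scenario 3 is the one a NAT cannot help with, which is why egress filtering or monitoring of outbound connections is the control that matters for an already-infected host.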