[Dshield] Possible solution for ISP (was DShield's public goals)

Håkon Alstadheim hakon at alstadheim.priv.no
Wed Jan 11 23:16:53 GMT 2006


Jon R. Kibler wrote:

>I couldn't agree more. The biggest issue we face is the security-ignorant user. They will be completely happy with an "Equivalent to NAT" account. Right there, that would probably remove 80% or more of the vulnerable systems from the target space. Having 80% fewer compromised computers would be a VERY good thing!
>  
>
I think my ISP actually has a good solution here. They ship ADSL routers 
where the default setup is using NAT, no DMZ, no port-forwarding. One 
easy call or email to support will get you instructions on how to switch 
to bridge mode on the box. This makes the average home-user invisible 
to the outside, while saving the ISP on cpu-time. They could do the same 
for outgoing port 25 also with an easy opt-out and I would not complain.

