[Full-Disclosure] Learn from history?

[Serge van Ginderachter (svgn)]

> From: Andrew Simmons 
> > do you have any idea how much small businesses have just a 
> NAT router
> > instead of a real firewall?
> 
> in what way is a nat box *not* a stateful firewall?

First, I don't believe I said they weren't. Depends on which 'box' we're
talking. Some simple SMC or USRobotics router vs. e.g. IPCop etc.

Secondly, that was not the problem I was referring to. The problem with what
I understood by a NAT box, is the fact they generally do not allow outbound
filtering, meaning a hacker who made a first step inside, has all ports open
to backfire command shell, download some hack tools etc.

Simple example: a cracker sends you a mail with an url you should click. The
url is not 'http://server/' but \\server\share, which you might not notice.
With such a simple trick he can have a netbios session and read out a whole
lot of information about your system. Now with outbound filtering that could
be stopped. Which is definitely not possible with a simple NAT box.

Everyone know NETBIOS must be blocked incoming. Now I hope you understand
why it should be blocked outgoing also.


Serge