On Wed, Jul 30, 2003 at 10:15:16AM -0400, dep wrote: >quoth Net Llama!: > >| I have DSL, not cable. My bandwidth remains the same regardless of >| what the rest of the planet's idiots are doing. > >not true. when ie and outlook vulnerabilities are being exploited, which >is to say all the time, you're being hindered along the line, even if >you don't see it locally. there is x amount of bandwidth, and those >exploits consume y, leaving x-y for you and everyone else.
Not to mention things like ``Code Red'' and ``Nimda'' which were filling up hard drives with Apache's logs at the height of their activity. It got so bad that we had to turn off logging for a while. Our Linux router also rejects about 40,000 probes per day on ports with known Microsoft security problems (e.g. SQL Server, ports 137-139, etc), and general port scans. The vast majority of these probes come from cracked Windows systems that are being used without their owner's knowledge. This is a single T1 with two /24 networks. Imagine the traffic at sites with serious bandwidth and networks. Another factor is that a huge percentage of the spam that's sent today now goes through open proxy servers, mostly on Windows machines where the owner doesn't even know they have a proxy server. The simplest way for the average broadband Windows user to protect themselves from much of this abuse is to install one of the commodity cable/dsl router boxes that does NAT, and only allows outside connections to machines on the inside network on specific ports that must be configured manually. We use quite a few LinkSys VPN router/switches (Part Number BEFVP41) for this. They're cheap, and their IPSec VPN tunnelling works with Linux FreeS/WAN, FreeBSD, and OS X as well as the usual Windows IPSec software. Bill -- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC UUCP: camco!bill PO Box 820; 6641 E. Mercer Way FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 URL: http://www.celestial.com/ Breathe fire, slay dragons, and take chances. Failure is temporary, regret is eternal. _______________________________________________ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users