Security Basics mailing list archives
RE: NAT external/Public IP
From: "Grant Donald" <Grant.Donald () datacash co za>
Date: Tue, 30 Oct 2007 10:55:03 +0200
With PAT private IP addresses are hidden from the outside world. This basically makes the job of hacking into a system more difficult, because the original host's IP address and source port is unknown. Depending on firewall capabilities (or lack of capabilities) ports may need to be opened inbound for certain applications to work (e.g.. ident & pptp). A horizontal scan of such a network could produce a wealth of knowledge, if that network does not support port address translation. The PCI body cannot dictate to you which firewall to use, neither can they forbid you from opening specific justified ports into your network. What they can do is insist that you use network address translation, only an additional hurdle, perhaps just enough to deter a random attacker. Regards -Grant ________________________________ From: listbounce () securityfocus com on behalf of Ansgar -59cobalt- Wiechers Sent: Mon 2007/10/29 05:58 PM To: security-basics () securityfocus com Subject: Re: NAT external/Public IP On 2007-10-29 Grant Donald wrote:
There's a real security benefit in using PAT for internet access from staff PC's. Any alternative is most definitely less secure.
I keep seeing this claim being made. Yet I fail to see anyone giving evidence to support it. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq DISCLAIMER: This email and any files transmitted with it are confidential to DataCash Group plc and its group companies. It is intended only for the person to whom it is addressed. If you have received this email in error, please forward it to info () datacash com with the subject line "Received in Error". If you are not the intended recipient you must not use, disclose, copy, print, distribute or rely on this email or any of its transmitted files.
Current thread:
- NAT external/Public IP smarts_buy (Oct 24)
- Re: NAT external/Public IP crazy frog crazy frog (Oct 25)
- Re: NAT external/Public IP Ansgar -59cobalt- Wiechers (Oct 25)
- RE: NAT external/Public IP Jason Alexander (Oct 25)
- RE: NAT external/Public IP Eric Furman (Oct 25)
- RE: NAT external/Public IP Jason Alexander (Oct 26)
- RE: NAT external/Public IP Grant Donald (Oct 29)
- Re: NAT external/Public IP Ansgar -59cobalt- Wiechers (Oct 29)
- Re: NAT external/Public IP Michael Painter (Oct 30)
- RE: NAT external/Public IP Grant Donald (Oct 30)
- Re: NAT external/Public IP Ansgar -59cobalt- Wiechers (Oct 30)
- RE: NAT external/Public IP Security Incidents (Oct 30)
- Re: NAT external/Public IP crazy frog crazy frog (Oct 31)
- RE: NAT external/Public IP Dan Lynch (Oct 31)
- Re: NAT external/Public IP Ansgar -59cobalt- Wiechers (Oct 25)
- Re: NAT external/Public IP crazy frog crazy frog (Oct 25)
- Re: NAT external/Public IP Chris Barber (Oct 25)
- RE: NAT external/Public IP Nick Vaernhoej (Oct 25)
- Re: NAT external/Public IP Ansgar -59cobalt- Wiechers (Oct 25)
- Re: NAT external/Public IP Brett (Oct 25)
- Re: NAT external/Public IP crazy frog crazy frog (Oct 25)
- Re: NAT external/Public IP Ansgar -59cobalt- Wiechers (Oct 25)