Firewall Wizards mailing list archives
RE: NAT Pseudo Security
From: Frank Knobbe <frank () knobbe us>
Date: Wed, 05 May 2004 15:24:15 -0500
On Wed, 2004-05-05 at 02:49, Ben Nagy wrote:
Here are Paul, Mike and I rehashing the saaaame argument in 2002, two years after the thread Mike notes - even with a déjà vu reference to the older thread. Irony. :/
Hey Ben, I prefer people pull out old topics and discuss them fresh from time to time. While a FAQ is useful for guiding those that seek knowledge, I think it's very important that we periodically review those things that we hammered in stone a few years ago. The chances that we see it in a different light, or have new thoughts on it, are well worth the rehashing. What was fascinating about this post was that the OP asked if NAT is enough of a security measure, but then began to describe what sounded like a firewall. Apparently there was a disconnect between the concepts of NAT (as in plain-dumb-router-style NAT) and a product that does NAT (like a SOHO firewall). At least that's what how it appeared to me just before I hit CTRL-D. Perhaps I misread the post. Anyhow, let's not complain if someone brings up old topics, but take a minute to look at it again, and either nod approvingly or go "hey, here's a new thought". Remember, the risks of TCP resets were discussed decades ago, and we just now got around to improving router security. :) Cheers, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- NAT Pseudo Security Lee T. Christie (May 04)
- Re: NAT Pseudo Security Srini (May 04)
- Re: NAT Pseudo Security Mikael Olsson (May 04)
- RE: NAT Pseudo Security Ben Nagy (May 05)
- RE: NAT Pseudo Security Paul D. Robertson (May 05)
- RE: NAT Pseudo Security Frank Knobbe (May 05)
- RE: NAT Pseudo Security Paul D. Robertson (May 05)
- RE: NAT Pseudo Security David Lang (May 06)
- RE: NAT Pseudo Security Ben Nagy (May 05)
- <Possible follow-ups>
- Re: NAT Pseudo Security salgak (May 04)
- VPN testing utility lordchariot (May 04)
- Re: NAT Pseudo Security R. DuFresne (May 05)
- RE: NAT Pseudo Security Melson, Paul (May 04)
- RE: NAT Pseudo Security Sloane, David (May 04)
- RE: NAT Pseudo Security Chris Carlson (May 04)
- RE: NAT Pseudo Security Daniel Chemko (May 06)
- RE: NAT Pseudo Security David Lang (May 06)