Firewall Wizards mailing list archives

RE: NAT Pseudo Security


From: Frank Knobbe <frank () knobbe us>
Date: Wed, 05 May 2004 15:24:15 -0500

On Wed, 2004-05-05 at 02:49, Ben Nagy wrote:
> Here are Paul, Mike and I rehashing the saaaame argument in 2002, two years
> after the thread Mike notes - even with a déjà vu reference to the older
> thread. Irony. :/

Hey Ben,

I prefer people pull out old topics and discuss them fresh from time to
time. While a FAQ is useful for guiding those that seek knowledge, I
think it's very important that we periodically review those things that
we hammered in stone a few years ago. The chances that we see it in a
different light, or have new thoughts on it, are well worth the
rehashing.

What was fascinating about this post was that the OP asked if NAT is
enough of a security measure, but then began to describe what sounded
like a firewall. Apparently there was a disconnect between the concepts
of NAT (as in plain-dumb-router-style NAT) and a product that does NAT
(like a SOHO firewall). At least that's how it appeared to me just
before I hit CTRL-D. Perhaps I misread the post.

Anyhow, let's not complain if someone brings up old topics, but take a
minute to look at it again, and either nod approvingly or go "hey,
here's a new thought". Remember, the risks of TCP resets were discussed
decades ago, and we just now got around to improving router security. 
:)

Cheers,
Frank




