nanog mailing list archives
Re: [arin-announce] IPv4 Address Space (fwd)
From: Scott McGrath <mcgrath () fas harvard edu>
Date: Thu, 30 Oct 2003 09:22:50 -0500 (EST)
That was _exactly_ the point I was attempting to make. If you recall there was a case recently where a subcontractor at a power generation facility linked their system to an isolated network which gave unintentional global access to the isolated network. a NAT at the subcontrator's interface would have prevented this. Scott C. McGrath On Wed, 29 Oct 2003, Jack Bates wrote:
David Raistrick wrote:You seem to be arguing that NAT is the only way to prevent inbound access. While it's true that most commercial IPv4 firewalls bundle NAT with packet filtering, the NAT is not required..and less-so with IPv6.I think the point that was being made was that NAT allows the filtering of the box to be more idiot proof. Firewall rules tend to be complex, which is why mistakes *do* get made and systems still get compromised. NAT interfaces and setups tend to be more simplistic, and the IP addresses of the device won't route publicly through the firewall or any unknown alternate routes. -Jack
<
Current thread:
- Re: [arin-announce] IPv4 Address Space (fwd), (continued)
- Re: [arin-announce] IPv4 Address Space (fwd) Dave Howe (Oct 29)
- Re: [arin-announce] IPv4 Address Space (fwd) Scott McGrath (Oct 29)
- RE: [arin-announce] IPv4 Address Space (fwd) Gary Blankenship (Oct 30)
- Re: [arin-announce] IPv4 Address Space (fwd) Dave Howe (Oct 29)
- RE: [arin-announce] IPv4 Address Space (fwd) Michel Py (Oct 29)
- Re: [arin-announce] IPv4 Address Space (fwd) Miquel van Smoorenburg (Oct 29)
- Re: [arin-announce] IPv4 Address Space (fwd) Scott McGrath (Oct 29)
- Re: [arin-announce] IPv4 Address Space (fwd) David Raistrick (Oct 29)
- Re: [arin-announce] IPv4 Address Space (fwd) Jack Bates (Oct 29)
- Re: [arin-announce] IPv4 Address Space (fwd) Crist Clark (Oct 29)
- Re: [arin-announce] IPv4 Address Space (fwd) E.B. Dreger (Oct 30)
- Re: [arin-announce] IPv4 Address Space (fwd) Scott McGrath (Oct 30)
- Re: [arin-announce] IPv4 Address Space (fwd) Paul Timmins (Oct 30)
- Re: [arin-announce] IPv4 Address Space (fwd) Scott McGrath (Oct 29)
- Re: [arin-announce] IPv4 Address Space (fwd) Scott McGrath (Oct 30)
- Re: [arin-announce] IPv4 Address Space (fwd) Leo Bicknell (Oct 29)
- Re: [arin-announce] IPv4 Address Space (fwd) matt (Oct 29)
- Re: [arin-announce] IPv4 Address Space (fwd) Alex Yuriev (Oct 29)
- Re: [arin-announce] IPv4 Address Space (fwd) william (Oct 29)
- Re: [arin-announce] IPv4 Address Space (fwd) Alex Yuriev (Oct 29)
- Re: [arin-announce] IPv4 Address Space (fwd) matt (Oct 29)
- traffic engineering (or lack of thereof) Alex Yuriev (Oct 30)