nanog mailing list archives
Security gain from NAT (was: Re: Cool IPv6 Stuff)
From: Jim Shankland <nanog () shankland org>
Date: Mon, 04 Jun 2007 11:32:39 -0700
Owen DeLong <owen () delong com> writes:
There's no security gain from not having real IPs on machines. Any belief that there is results from a lack of understanding.
This is one of those assertions that gets repeated so often people are liable to start believing it's true :-). *No* security gain? No protection against port scans from Bucharest? No protection for a machine that is used in practice only on the local, office LAN? Or to access a single, corporate Web site? Shall I do the experiment again where I set up a Linux box at an RFC1918 address, behind a NAT device, publish the root password of the Linux box and its RFC1918 address, and invite all comers to prove me wrong by showing evidence that they've successfully logged into the Linux box? When I last did this, I got a handful of emails, some quite snide, suggesting I was some combination of ignorant, stupid, and reckless; the Linux box for some reason remained unmolested. Jim Shankland
Current thread:
- Re: Cool IPv6 Stuff, (continued)
- Re: Cool IPv6 Stuff Adrian Chadd (Jun 04)
- Message not available
- Re: Cool IPv6 Stuff Sam Stickland (Jun 04)
- Re: Cool IPv6 Stuff Donald Stahl (Jun 04)
- Re: Cool IPv6 Stuff Iljitsch van Beijnum (Jun 04)
- Re: Cool IPv6 Stuff Adrian Chadd (Jun 04)
- Re: Cool IPv6 Stuff Donald Stahl (Jun 04)
- Re: Cool IPv6 Stuff Adrian Chadd (Jun 04)
- Re: Cool IPv6 Stuff Iljitsch van Beijnum (Jun 06)
- Re: Cool IPv6 Stuff Joel Jaeggli (Jun 04)
- Re: Cool IPv6 Stuff Owen DeLong (Jun 04)
- Security gain from NAT (was: Re: Cool IPv6 Stuff) Jim Shankland (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Joe Abley (Jun 04)
- Re: Security gain from NAT Sam Stickland (Jun 04)
- RE: Security gain from NAT Howard C. Berkowitz (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Owen DeLong (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Colm MacCarthaigh (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Matthew Palmer (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Donald Stahl (Jun 04)
- Re: Security gain from NAT Jason Lewis (Jun 04)
- Re: Security gain from NAT Daniel Senie (Jun 04)
- Re: Security gain from NAT Steven M. Bellovin (Jun 05)