nanog mailing list archives

Re: Security gain from NAT

From: Sam Stickland <sam_mailinglists () spacething org>
Date: Mon, 04 Jun 2007 20:04:00 +0100


Joe Abley wrote:

On 4-Jun-2007, at 14:32, Jim Shankland wrote:
Shall I do the experiment again where I set up a Linux box
at an RFC1918 address, behind a NAT device, publish the root
password of the Linux box and its RFC1918 address, and invite
all comers to prove me wrong by showing evidence that they've
successfully logged into the Linux box?
Perhaps you should run a corresponding experiment whereby you set up alinux box with a globally-unique address, put it behind a firewallwhich blocks all incoming traffic to that box, and issue a similarinvitation.
Do you think the results will be different?

I fear a somewhat more cynical person could interpret the results ofsuch an experiment to mean that NAT is as good as a firewall ;)

Current thread:

Re: Cool IPv6 Stuff, (continued)
- - - Re: Cool IPv6 Stuff Donald Stahl (Jun 04)
    - Re: Cool IPv6 Stuff Iljitsch van Beijnum (Jun 04)
    - Re: Cool IPv6 Stuff Adrian Chadd (Jun 04)
    - Re: Cool IPv6 Stuff Donald Stahl (Jun 04)
    - Re: Cool IPv6 Stuff Adrian Chadd (Jun 04)
    - Re: Cool IPv6 Stuff Iljitsch van Beijnum (Jun 06)
    - Re: Cool IPv6 Stuff Joel Jaeggli (Jun 04)
    - Re: Cool IPv6 Stuff Owen DeLong (Jun 04)
    - Security gain from NAT (was: Re: Cool IPv6 Stuff) Jim Shankland (Jun 04)
    - Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Joe Abley (Jun 04)
    - Re: Security gain from NAT Sam Stickland (Jun 04)
    - RE: Security gain from NAT Howard C. Berkowitz (Jun 04)
    - Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Owen DeLong (Jun 04)
    - Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Colm MacCarthaigh (Jun 04)
    - Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Matthew Palmer (Jun 04)
    - Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Donald Stahl (Jun 04)
    - Re: Security gain from NAT Jason Lewis (Jun 04)
    - Re: Security gain from NAT Daniel Senie (Jun 04)
    - Re: Security gain from NAT Steven M. Bellovin (Jun 05)
    - RE: Security gain from NAT (was: Re: Cool IPv6 Stuff) David Schwartz (Jun 04)
    - RE: Security gain from NAT (was: Re: Cool IPv6 Stuff) Donald Stahl (Jun 04)

(Thread continues...)