nanog mailing list archives
Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)
From: Larry Smith <lesmith () ecsis net>
Date: Mon, 4 Jun 2007 15:31:00 -0500
On Monday 04 June 2007 13:54, Valdis.Kletnieks () vt edu wrote:
On Mon, 04 Jun 2007 11:32:39 PDT, Jim Shankland said:*No* security gain? No protection against port scans from Bucharest? No protection for a machine that is used in practice only on the local, office LAN? Or to access a single, corporate Web site?Nope. Zip. Zero. Ziltch. Nothing over and above what a good properly configured stateful *non*-NAT firewall should be doing for you already.
Cool, then I need four of these firewalls, and two Class-C (512) worth of IP space that works behind my current ISP at no more than $39.95 each (my basic price for a Dlink, Netgear, etc cable/dsl router with NAT) with no additional cost to my monthly internet - and I will start switching over networks... Yes, I am joking, but the point being that _currently_ NAT serves a purpose; is supported by lots and lots of little "boxes" that customers can plugin, configure, and be on the "net" quickly and easily without having to know about all the "firewall" related stuff; and _does_ do all those neat stateful things for people that have absolutely no interest in knowing about much less learning how to make work. While I agree with the principle being discussed, would that many, many, many more cable in particular and dsl customers of <Insert-Name-of-Large-ISP> had such NAT boxes installed and maybe the rest of us would not be getting quite so much spam from hacked cable/dsl/whatever machines... -- Larry Smith SysAd ECSIS.NET sysad () ecsis net
Current thread:
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff), (continued)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Dorn Hetzel (Jun 04)
- Security gain from NAT (was: Re: Cool IPv6 Stuff) Jim Shankland (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Daniel Senie (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Matthew Palmer (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Edward B. DREGER (Jun 04)
- Re: Security gain from NAT Richard P. Welty (Jun 04)
- Re: Security gain from NAT Donald Stahl (Jun 04)
- Re: Security gain from NAT Dave Israel (Jun 04)
- Re: Security gain from NAT Edward B. DREGER (Jun 04)
- Re: Security gain from NAT Fred Baker (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Larry Smith (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Matthew Palmer (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Lamar Owen (Jun 04)
- Enterprise IPv6 (Was: Cool IPv6 Stuff/Security gain from NAT) Nathan Ward (Jun 04)