nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)

From: "Dorn Hetzel" <dhetzel () gmail com>
Date: Mon, 4 Jun 2007 14:20:44 -0700
Sure, NAT can't prevent users from running with scissors, but sometimes it
does block the scissors thrown at the back of their neck whilst they are
sleeping :)

On 6/4/07, Valdis.Kletnieks () vt edu <Valdis.Kletnieks () vt edu> wrote:


On Mon, 04 Jun 2007 12:20:38 PDT, Jim Shankland said:

> I can't pass over Valdis's statement that a "good properly configured
> stateful firewall should be doing [this] already" without noting
> that on today's Internet, the gap between "should" and "is" is
> often large.

Let's not forget all the NAT boxes out there that are *perfectly* willing
to let a system make an *outbound* connection.  So the user makes a first
outbound connection to visit a web page, gets exploited, and the exploit
then phones home to download more malware.

Yeah, that NAT *should* be providing security, but as you point out,
there's
that big gap between should and is... :)
Previous By Date Next
Previous By Thread Next

Current thread: