nanog mailing list archives
Re: Security gain from NAT
From: Matthew Kaufman <matthew () eeph com>
Date: Mon, 04 Jun 2007 16:31:22 -0700
Leigh Porter wrote:
Additionally, NATing services on separate machines behind a single NATed address anonymises the services behind a single address.
Agreed. It can be very useful to not expose the internal topology through address assignment so as to not expose which subnets/desktops/users are accessing certain foreign addresses.
This is an even bigger issue in v6 if your stack exposes the MAC address in its choice of stateless autoconfiguration address, as this then gives away not just your internal topology but the vendor of the machines (or at least the ethernet card maker). One can easily imagine attacks based on knowing that a vulnerable and hard-to-upgrade embedded system (an Internet-fax machine, say) was on a particular subnet.
Matthew Kaufman matthew () eeph com
Current thread:
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff), (continued)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Kradorex Xeron (Jun 05)
- Re: Security gain from NAT Leigh Porter (Jun 04)
- Re: Security gain from NAT Donald Stahl (Jun 04)
- Re: Security gain from NAT Dorn Hetzel (Jun 04)
- Re: Security gain from NAT Mattias Ahnberg (Jun 05)
- Re: Security gain from NAT Adrian Chadd (Jun 05)
- Re: Security gain from NAT James R. Cutler (Jun 05)
- Re: Security gain from NAT Matthew Palmer (Jun 04)
- Re: Security gain from NAT Sam Stickland (Jun 04)
- Re: Security gain from NAT Matthew Palmer (Jun 04)
- Re: Security gain from NAT Matthew Kaufman (Jun 04)
- RE: Security gain from NAT (was: Re: Cool IPv6 Stuff) Tony Hain (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Valdis . Kletnieks (Jun 04)
- Security gain from NAT (was: Re: Cool IPv6 Stuff) Jim Shankland (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Valdis . Kletnieks (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Dorn Hetzel (Jun 04)
- Security gain from NAT (was: Re: Cool IPv6 Stuff) Jim Shankland (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Daniel Senie (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Matthew Palmer (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Edward B. DREGER (Jun 04)
- Re: Security gain from NAT Richard P. Welty (Jun 04)