nanog mailing list archives
Re: Another driver for v6?
From: Jack Bates <jbates () brightok net>
Date: Wed, 29 Oct 2008 09:21:45 -0500
Brandon Butterworth wrote:
>> as I am very tired of all the problems caused by multiple layers of NATs and PAT.
> Likewise but more because people keep designing stuff to try and force others to get rid of them, ignoring why they have them.
A false sense of security? The belief that hiding behind a single IP might disguise how many hosts you have, which in turn might provide some form of hidden security?
Inside the network, host to host security is what should be. This can assist in some protection against bots that do make it to the network, or internal maliciousness. Security from within has always been overlooked by many, and yet it is the employees who provide the largest security risk.
Stateful firewalls will not be going away entirely, but they can track state and perform proxy services without performing address translation. It just scares people because of their false belief that translating an address shows that security is working. If stateful monitoring/proxying/limiting is not working, the address translation doesn't really matter.
NAT has had its uses, but it's lazy and a false sense of overall security. I do think Microsoft is crazy if they think the need for VPN will disappear, unless they have another method for the stateful firewalls to snoop, monitor, and alter the IPSEC host to host packets (which isn't entirely impossible).
Jack Bates