nanog mailing list archives

Re: Is NAT can provide some kind of protection?


From: Lamar Owen <lowen () pari edu>
Date: Thu, 13 Jan 2011 14:44:57 -0500

On Wednesday, January 12, 2011 12:16:27 pm Valdis.Kletnieks () vt edu wrote:
> 140 million compromised PC's, most of them behind a NAT, can't be wrong. :)

How many more would there be if most PC's were not behind NAT or stateful firewalling?  

Or, to turn it on its ear, "Windows is the best OS; 250 million Windows PC's can't be wrong."  Uh, yes they can.

The various implementations of NAT, the various implementations of stateless and stateful firewalling, and any other ingress protections only cover a few attack vectors; surf-by client-driven web bugs aren't in that set of vectors.

However, mechanisms like PVLANs and internal firewalling can help mitigate those, as can host-based protections.

