Firewall Wizards mailing list archives

Re: Stats on how common NAT is?


From: "Paul D. Robertson" <proberts () patriot net>
Date: Sun, 15 Dec 2002 09:32:13 -0500 (EST)

On Sun, 15 Dec 2002, Michael Still wrote:

> Hello.
>
> I work as a software developer, and there has been some discussion at work
> as to how common NAT is in corporate environments (this affects whether we
> use DCOM or not).

It's very pervasive.  I can't think of any sites I've been to in the last 
year that haven't been using RFC1918 addresses.  Of course, it's possible 
to use proxies and not NAT the 1918 addresses, but I think everywhere 
I've been where that was the plan, some exception has forced NAT into the 
equation at some point in the network.

> Does anyone have any pointers on how common NAT in corporate environments
> is? Why are these people using NAT, is it solely the expense of real IPs,
> or is it also for the added security?

These days, IP space is tied to a provider, and address space management 
is a pain if you don't have a large address space.  Therefore, it makes 
sense from an address space management perspective to NAT the traffic.  

There really isn't any additional security from a conservatively 
configured network with routable public addresses and one with RFC1918  
addresses[1].

Anyway, I don't have any good statistics, but my gut is that it's 
much better than the 85th percentile these days.

Paul

[1] My previous employer had 2 pre-CIDR Class B address spaces, as well as 
a portable /23 and we used legitimate addresses internally, but you still 
weren't going to route traffic from the Internet to a device that wasn't 
specifically permitted to do so.  The provider routing the address space 
to the DMZ doesn't obligate the DMZ to route the entire address space 
internally, for instance.
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
