nanog mailing list archives
Re: Block all servers?
From: Petri Helenius <pete () he iki fi>
Date: Sat, 11 Oct 2003 20:08:54 +0300
Adam Selene wrote:
NAT boxes are quite unreliable, specially large ones. If you say "put 100000 small ones instead", that really sounds a support nightmare. And you can filter without having NAT. (a long time ago NAT was thought to be a security mechanism, that has fortunatelyNAT is more expensive to produce, so it should be an optional premium service, and that seems to be more and more the case.Not necessarily when you consider the cost (in bandwidth, network reliability and support staff) imposed by worms and kiddies from other networks scanning your IP space for unsecured machines.
mostly died out)
For the price of a large NAT box, you can buy better security mitigation products which would allow you to get the wilful spammers, trojaned machines, etc. whichThat's not even to mention the cost imposed by compromised systems. Even if NAT only reduces compromised systems by 20%, that's a cost savings.
are not saved by your magic box.
Given that most edge hardware supports NAT, the additional cost is nominal.
My operational experience tells quite a different story.
Getting IP space allocation is not without cost either.
That´s nothing compared to the people complaining about their applications not working because you want to break their packets. Pete
Current thread:
- Re: Block all servers?, (continued)
- Re: Block all servers? Steven M. Bellovin (Oct 14)
- Re: Block all servers? Alex Yuriev (Oct 11)
- Re: Block all servers? Steven M. Bellovin (Oct 11)
- Re: Block all servers? ken emery (Oct 11)
- RE: Block all servers? Terry Baranski (Oct 11)
- Re: Block all servers? Petri Helenius (Oct 12)
- Re: Block all servers? Majdi S. Abbas (Oct 10)
- Re: Block all servers? Adam Selene (Oct 11)
- Re: Block all servers? Petri Helenius (Oct 11)
- Re: Block all servers? Adam Selene (Oct 11)
- Re: Block all servers? Petri Helenius (Oct 11)
- Re: Block all servers? Petri Helenius (Oct 10)
- RE: Block all servers? Christopher Bird (Oct 11)
- Re: Block all servers? jlewis (Oct 11)
- Re: Fw: Re: Block all servers? Chris Brenton (Oct 15)
- Re: Fw: Re: Block all servers? Crist Clark (Oct 15)