nanog mailing list archives
Re: Security gain from NAT
From: brett watson <brett () the-watsons org>
Date: Mon, 4 Jun 2007 22:23:14 -0700
On Jun 4, 2007, at 9:51 PM, Donald Stahl wrote:
A SI firewall ruleset equivalent to PAT is a single rule on a CheckPoint firewall (as an example):Src: Internal - Dst: Any - Action: Allow Done.
Done indeed! Botnet operators *love* this policy. This type of policy is probably worse than any issue discussed in this thread so far.
-b
Current thread:
- Re: Security gain from NAT Roger Marquis (Jun 04)
- Re: Security gain from NAT Donald Stahl (Jun 04)
- Re: Security gain from NAT brett watson (Jun 04)
- <Possible follow-ups>
- Re: Security gain from NAT Roger Marquis (Jun 05)
- Re: Security gain from NAT Donald Stahl (Jun 05)
- Re: Security gain from NAT Donald Stahl (Jun 05)
- Re: Security gain from NAT Roger Marquis (Jun 05)
- Re: Security gain from NAT Valdis . Kletnieks (Jun 05)
- Re: Security gain from NAT Roger Marquis (Jun 05)
- Re: Security gain from NAT Bill Stewart (Jun 06)
- Re: Security gain from NAT Nathan Ward (Jun 06)
- Re: Security gain from NAT Donald Stahl (Jun 05)
- Re: Security gain from NAT Stephen Sprunk (Jun 06)
- Re: Security gain from NAT David Conrad (Jun 06)
- Re: Security gain from NAT Donald Stahl (Jun 04)