nanog mailing list archives

Re: Security gain from NAT

From: brett watson <brett () the-watsons org>
Date: Mon, 4 Jun 2007 22:23:14 -0700



On Jun 4, 2007, at 9:51 PM, Donald Stahl wrote:

A SI firewall ruleset equivalent to PAT is a single rule on aCheckPoint firewall (as an example):
Src: Internal - Dst: Any - Action: Allow

Done.

Done indeed! Botnet operators *love* this policy. This type of policyis probably worse than any issue discussed in this thread so far.

-b

Current thread:

Re: Security gain from NAT Roger Marquis (Jun 04)
- Re: Security gain from NAT Donald Stahl (Jun 04)
  - Re: Security gain from NAT brett watson (Jun 04)
- <Possible follow-ups>
- Re: Security gain from NAT Roger Marquis (Jun 05)
  - Re: Security gain from NAT Donald Stahl (Jun 05)
    - Re: Security gain from NAT Donald Stahl (Jun 05)
    - Re: Security gain from NAT Roger Marquis (Jun 05)
    - Re: Security gain from NAT Valdis . Kletnieks (Jun 05)
    - Re: Security gain from NAT Roger Marquis (Jun 05)
    - Re: Security gain from NAT Bill Stewart (Jun 06)
    - Re: Security gain from NAT Nathan Ward (Jun 06)
    - Re: Security gain from NAT Stephen Sprunk (Jun 06)
    - Re: Security gain from NAT David Conrad (Jun 06)

(Thread continues...)