nanog mailing list archives
Re: Security gain from NAT
From: "James R. Cutler" <james.cutler () consultant com>
Date: Tue, 05 Jun 2007 08:43:17 -0400
Maybe one should consider the customer viewpoint and not just semantic twiddle. When I install one of those little and inexpensive boxes it is for several reasons, not just security. However, the "I hear you knocking, but you can't come in." is invaluable to keep out probes of popular Microsoft points (ports) of vulnerability. In a very practical sense this is added security for the end system. Yes, it is from the Stateful Inspection and not, per se, from address or port translation. That really does not matter because it comes as a package in those cute little boxes.
Regarding efficacy of NAT: Have you considered what the typical ISP policy on address assignment and routing will be? Will Comcast announce routes to all my end system addresses to the world? Will Comcast even allow for more than one address per connection? Substitute your vendor of choice here. Be it BT or whatever, until you assure me that my ISP will not interfere with my local SOHO or home network or increase my rate per system added, I will encourage multiplexing of addresses, regardless of IPv4, IPv6, landline telephone number, PO Box, or whatever.
Listen to Ahnberg and Dillon. What they say makes much sense and avoids the semantic quibbling that has consumed too much of NANOG mailing list bandwidth. We already know that "All dragons are scotsmen, but not all scotsmen are dragons."
- James R. Cutler james.cutler () consultant com
Current thread:
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff), (continued)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) James Hess (Jun 05)
- RE: Security gain from NAT (was: Re: Cool IPv6 Stuff) michael.dillon (Jun 05)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Nathan Ward (Jun 05)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Sam Stickland (Jun 06)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Kradorex Xeron (Jun 05)
- Re: Security gain from NAT Leigh Porter (Jun 04)
- Re: Security gain from NAT Donald Stahl (Jun 04)
- Re: Security gain from NAT Dorn Hetzel (Jun 04)
- Re: Security gain from NAT Mattias Ahnberg (Jun 05)
- Re: Security gain from NAT Adrian Chadd (Jun 05)
- Re: Security gain from NAT James R. Cutler (Jun 05)
- Re: Security gain from NAT Matthew Palmer (Jun 04)
- Re: Security gain from NAT Sam Stickland (Jun 04)
- Re: Security gain from NAT Matthew Palmer (Jun 04)
- Re: Security gain from NAT Matthew Kaufman (Jun 04)
- RE: Security gain from NAT (was: Re: Cool IPv6 Stuff) Tony Hain (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Valdis . Kletnieks (Jun 04)
- Security gain from NAT (was: Re: Cool IPv6 Stuff) Jim Shankland (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Valdis . Kletnieks (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Dorn Hetzel (Jun 04)
- Security gain from NAT (was: Re: Cool IPv6 Stuff) Jim Shankland (Jun 04)