nanog mailing list archives
Re: Rate of growth on IPv6 not fast enough?
From: Joe Greco <jgreco () ns sol net>
Date: Fri, 23 Apr 2010 10:28:52 -0500 (CDT)
What makes you think that not using NAT exposes internal topology??Or that internal topology cannot leak out through NAT's ? I have seen NATed enterprises become massively compromised.
NAT allows people to become far too lazy. Your typical NAT allows connections outbound, typically configured without any audit trail, etc., so once a bad guy is inside the "secure NAT firewall," they're free to connect out to the 'net. In comparison, an actual real firewall can prohibit {most, all} outbound access and force the use of proxies. Proxies can provide logging, content scanning, etc., services. Many times, those who argue in favor of NAT as a "firewall" are the same ones who seem to actually be relying on the NAT as inbound protection, but who aren't really doing anything to control their outbound traffic, or IDS, etc. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
Current thread:
- Re: Rate of growth on IPv6 not fast enough?, (continued)
- Re: Rate of growth on IPv6 not fast enough? Matthew Kaufman (Apr 23)
- Re: Rate of growth on IPv6 not fast enough? Joel Jaeggli (Apr 24)
- Re: Rate of growth on IPv6 not fast enough? Mark Smith (Apr 24)
- Re: Rate of growth on IPv6 not fast enough? Stefan Bethke (Apr 24)
- Re: Rate of growth on IPv6 not fast enough? Owen DeLong (Apr 25)
- Re: Rate of growth on IPv6 not fast enough? Jim Burwell (Apr 22)
- Re: Rate of growth on IPv6 not fast enough? Clue Store (Apr 23)
- Re: Rate of growth on IPv6 not fast enough? Jim Burwell (Apr 23)
- Re: Rate of growth on IPv6 not fast enough? Clue Store (Apr 23)
- Re: Rate of growth on IPv6 not fast enough? Marshall Eubanks (Apr 23)
- Re: Rate of growth on IPv6 not fast enough? Joe Greco (Apr 23)
- Re: Rate of growth on IPv6 not fast enough? bmanning (Apr 22)
- RE: Rate of growth on IPv6 not fast enough? John Lightfoot (Apr 22)
- RE: Rate of growth on IPv6 not fast enough? Matthew Huff (Apr 22)
- Re: Rate of growth on IPv6 not fast enough? Charles Mills (Apr 22)
- Re: Rate of growth on IPv6 not fast enough? Larry Sheldon (Apr 22)
- Re: Rate of growth on IPv6 not fast enough? Mark Smith (Apr 23)
- Re: Rate of growth on IPv6 not fast enough? Larry Sheldon (Apr 22)
- Re: Rate of growth on IPv6 not fast enough? Marshall Eubanks (Apr 22)
- Re: Rate of growth on IPv6 not fast enough? Joel Jaeggli (Apr 24)
- Re: Rate of growth on IPv6 not fast enough? Larry Sheldon (Apr 24)