nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IPv6 - real vs theoretical problems

From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Sat, 8 Jan 2011 02:00:10 +0000

On Jan 8, 2011, at 8:54 AM, William Herrin wrote:


I presume you don't intend us to conclude that a bastion host firewall provides no security benefit to the equipment 
it
protects.


If it's protecting workstations, yes, it has some positive security value - but not due to NAT.

If it's inappropriately placed in front of servers, where's there's no state to inspect and were the stateful nature of 
the device in and of itself forms a DoS vector, it has negative security value; i.e., it makes things far worse.

------------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

Most software today is very much like an Egyptian pyramid, with millions
of bricks piled on top of each other, with no structural integrity, but
just done by brute force and thousands of slaves.

                          -- Alan Kay
Previous By Date Next
Previous By Thread Next

Current thread: