nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Is NAT can provide some kind of protection?

From: Scott Helms <khelms () ispalliance net>
Date: Wed, 12 Jan 2011 15:44:27 -0500
No it really doesn't. Thank you for leaving the key word when you quoted me (configured). The difference is the _default_ behavior of the two. NAT by _default_ drops packets it doesn't have a mapped PAT translation for. Home firewalls do not _default_ to dropping all packets they don't have a rule to explicitly allow. The behaviors when configured by someone knowledgeable behave the in a similar fashion (allowing packets that are configured to pass and dropping all others) but end users don't do that as a rule. 

On 1/12/2011 3:31 PM, Chris Adams wrote:

Once upon a time, Scott Helms<khelms () ispalliance net>  said:

Few home users have a stateful firewall configured

Yes, they do.  NAT requires a stateful firewall.  Why is that so hard to
understand?



--
Scott Helms
Vice President of Technology
ISP Alliance, Inc. DBA ZCorum
(678) 507-5000
--------------------------------
Looking for hand-selected news, views and
tips for independent broadband providers?

Follow us on Twitter! http://twitter.com/ZCorum
--------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: