nanog mailing list archives
Re: Is NAT can provide some kind of protection?
From: Jack Bates <jbates () brightok net>
Date: Fri, 14 Jan 2011 08:13:04 -0600
On 1/13/2011 10:50 PM, Douglas Otis wrote:
Unfortunately, a large number of web sites have been compromised, where an unseen iFrame might be included in what is normally safe content. A device accessing the Internet through a NATs often creates opportunities for unknown sources to reach the device as well. Once an attacker invokes a response, exposures persist, where more can be discovered. There are also exposures related to malicious scripts enabled by a general desire to show users dancing fruit. Microsoft now offers a toolkit that allows users a means to 'decide' what should be allowed to see fruit dance. Users that assume local networks are safe are often disappointed when someone on their network wants an application do something that proves unsafe. Methods to penetrate firewalls are often designed into 'fun' applications or poorly considered OS features.
I have to agree with this, but I believe it is outside the scope of what NAT or stateful firewalls provide. Neither is designed to mitigate this attack. Application level filtering within such firewalls often are designed to protect users in this case.
Application level filtering, however, does not protect from the cell phone hidden in a box which was sent to the wrong party and awaiting to be shipped back.
There is not, and will probably never be, a single solution and approach to security.
Jack
Current thread:
- Re: Is NAT can provide some kind of protection?, (continued)
- Re: Is NAT can provide some kind of protection? William Herrin (Jan 12)
- Re: Is NAT can provide some kind of protection? Valdis . Kletnieks (Jan 12)
- Re: Is NAT can provide some kind of protection? Jack Bates (Jan 12)
- RE: Is NAT can provide some kind of protection? Nathan Eisenberg (Jan 12)
- Re: Is NAT can provide some kind of protection? Jack Bates (Jan 12)
- Re: Is NAT can provide some kind of protection? Valdis . Kletnieks (Jan 12)
- Re: Is NAT can provide some kind of protection? William Herrin (Jan 12)
- Re: Is NAT can provide some kind of protection? Mark Andrews (Jan 12)
- Re: Is NAT can provide some kind of protection? William Herrin (Jan 13)
- Re: Is NAT can provide some kind of protection? Owen DeLong (Jan 13)
- Re: Is NAT can provide some kind of protection? Douglas Otis (Jan 13)
- Re: Is NAT can provide some kind of protection? Jack Bates (Jan 14)
- Re: Is NAT can provide some kind of protection? William Herrin (Jan 14)
- Re: Is NAT can provide some kind of protection? Owen DeLong (Jan 14)
- Re: Is NAT can provide some kind of protection? Jack Bates (Jan 14)
- Re: Is NAT can provide some kind of protection? Douglas Otis (Jan 14)
- Re: Is NAT can provide some kind of protection? William Herrin (Jan 12)
- Re: Is NAT can provide some kind of protection? William Herrin (Jan 14)
- RE: Is NAT can provide some kind of protection? George Bonser (Jan 14)
- Re: Is NAT can provide some kind of protection? Leen Besselink (Jan 15)
- Re: Is NAT can provide some kind of protection? Joel Jaeggli (Jan 15)
- Re: Is NAT can provide some kind of protection? Leen Besselink (Jan 15)
- Re: Is NAT can provide some kind of protection? Marshall Eubanks (Jan 15)