nanog mailing list archives

Re: Arguing against using public IP space


From: Doug Barton <dougb () dougbarton us>
Date: Sun, 13 Nov 2011 13:48:32 -0800

On 11/13/2011 13:27, Phil Regnauld wrote:
      That's not exactly correct. NAT doesn't imply firewalling/filtering.
      To illustrate this to customers, I've mounted attacks/scans on
      hosts behind NAT devices, from the interconnect network immediately
      outside: if you can point a route with the ext ip of the NAT device
      as the next hop, it usually just forwards the packets...

Have you written this up anywhere? It would be absolutely awesome to be
able to point the "NAT IS A SECURITY FEATURE!!!" crowd to an actual
demonstration of why it isn't.


Doug

-- 

                "We could put the whole Internet into a book."
                "Too practical."

        Breadth of IT experience, and depth of knowledge in the DNS.
        Yours for the right price.  :)  http://SupersetSolutions.com/
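The distinction drawn in the quoted message, that translation and filtering are separate functions, can be checked on a gateway's own ruleset. The following is an added example, not part of the original post and not written by either poster: assuming a Linux gateway, it reads constructed `iptables-save` output and reports separately whether the box does source NAT and whether its FORWARD chain would pass a new flow arriving on the WAN interface. The interface names and rulesets are assumptions, and jumps to user-defined chains are not followed.

```python
# Added example: does an iptables-save ruleset filter, or only translate?
# Rulesets and interface names (eth0 = WAN, eth1 = LAN) are constructed.
NAT = "*nat\n:POSTROUTING ACCEPT [0:0]\n-A POSTROUTING -o eth0 -j MASQUERADE\nCOMMIT\n"
NAT_ONLY = NAT + "*filter\n:FORWARD ACCEPT [0:0]\nCOMMIT\n"
NAT_PLUS_FILTER = NAT + """*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
"""
# Options this sketch models exactly; anything else is handled conservatively.
SIMPLE = {"-i", "-m", "--ctstate", "--state", "-j", "--reject-with"}

def parse(ruleset):
    """Return ({(table, chain): policy}, {(table, chain): [tokens, ...]})."""
    policies, rules, table = {}, {}, None
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[table, chain] = policy
        elif line.startswith("-A "):
            tok = line.split()
            rules.setdefault((table, tok[1]), []).append(tok[2:])
    return policies, rules

def opt(tok, name):
    return tok[tok.index(name) + 1] if name in tok else None

def audit(ruleset, wan):
    """Return (does_source_nat, forwards_new_flows_arriving_on_wan)."""
    policies, rules = parse(ruleset)
    nat = any(opt(r, "-j") in ("MASQUERADE", "SNAT")
              for r in rules.get(("nat", "POSTROUTING"), []))
    for r in rules.get(("filter", "FORWARD"), []):
        states = opt(r, "--ctstate") or opt(r, "--state")
        if "!" not in r and (opt(r, "-i") not in (None, wan)
                             or (states and "NEW" not in states.split(","))):
            continue  # cannot match a new packet arriving on the WAN side
        exact = "!" not in r and all(t in SIMPLE for t in r if t[0] == "-")
        if opt(r, "-j") == "ACCEPT":
            return nat, True   # some unsolicited WAN-side traffic is forwarded
        if opt(r, "-j") in ("DROP", "REJECT") and exact:
            return nat, False  # every new WAN-side packet stops at this rule
    # No rule decided: the chain policy applies (ACCEPT when none is set).
    return nat, policies.get(("filter", "FORWARD"), "ACCEPT") == "ACCEPT"
```

On a real gateway the input would be the saved ruleset and the actual WAN interface name; a result of `(True, True)` is the "NAT without filtering" case the thread is about.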


