v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space

Chris Adams cmadams at hiwaay.net
Wed Feb 4 21:58:53 CST 2009


Once upon a time, Roger Marquis <marquis at roble.com> said:
>  * NAT advantage #5: it does not require replacement security measures to
>  protect against netscans, portscans, broadcasts (particularly microsoft
>  netbios), and other malicious inbound traffic.

Since NAT == stateful firewall with packet mangling, it would be much
easier to drop the packet mangling and just use a stateful firewall.
You are just reinforcing the incorrect belief that "NAT == security,
no-NAT == no-security".
-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.




More information about the NANOG mailing list