Is NAT can provide some kind of protection?

George Bonser gbonser at seven.com
Wed Jan 12 17:01:27 UTC 2011



> -----Original Message-----
> From: Fernando Gont [mailto:fernando.gont.netbook.win at gmail.com] On
> Behalf Of Fernando Gont
> Sent: Wednesday, January 12, 2011 8:54 AM
> To: George Bonser
> Cc: Tarig Ahmed; nanog at nanog.org
> Subject: Re: Is NAT can provide some kind of protection?
> 
> On 12/01/2011 01:17 p.m., George Bonser wrote:
> 
> > But your security person needs to shift their thinking because the
> > purpose of NAT and private addressing is to conserve IP address, not to
> > provide security.  With IPv6, the concept of NAT goes away.
> 
> You have heard about NAT66, right?
> 
> Thanks,
> --
> Fernando Gont
> e-mail: fernando at gont.com.ar || fgont at acm.org
> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

Oh, yeah.  But NAT66 does not provide the "security" aspect of PAT with
V4.  It is just a straight static NAT.  So each of your machines is
still directly addressable from the Internet.  With v4 PAT, you cannot
be sure which address/port on the external IP maps to which address/port
on the inside IP at any given moment and PAT is stateful in that an
outbound packet is required to start the mapping.  NAT66 is just
straight static NAT that maps one prefix to a different prefix.
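
The contrast drawn in the message above, as an added example that is not part of the original post: a simplified model of a stateful v4 PAT table beside a stateless prefix-for-prefix v6 mapping. The class and function names, the addresses (documentation and ULA ranges) and the plain prefix swap are assumptions made for illustration; a real PAT also keys its state on protocol and remote endpoint.

```python
import ipaddress


class Pat44:
    """Stateful IPv4 PAT: a mapping exists only after an outbound packet."""

    def __init__(self, external_ip, first_port=40000):
        self.external_ip = external_ip
        self.next_port = first_port
        self.out = {}   # (inside_ip, inside_port) -> external_port
        self.back = {}  # external_port -> (inside_ip, inside_port)

    def outbound(self, inside_ip, inside_port):
        key = (inside_ip, inside_port)
        if key not in self.out:
            # The first outbound packet creates the state.
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return (self.external_ip, self.out[key])

    def inbound(self, external_port):
        # No state for this port means there is no inside host to forward to.
        return self.back.get(external_port)


def prefix_translate(addr, from_prefix, to_prefix):
    """Stateless prefix swap: the host bits are carried over unchanged."""
    addr = ipaddress.IPv6Address(addr)
    src = ipaddress.IPv6Network(from_prefix)
    dst = ipaddress.IPv6Network(to_prefix)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("prefixes must be the same length")
    if addr not in src:
        return None
    host_bits = int(addr) & int(src.hostmask)
    return ipaddress.IPv6Address(int(dst.network_address) | host_bits)


def demo():
    pat = Pat44("203.0.113.1")                     # constructed sample addresses
    unsolicited = pat.inbound(40000)               # arrives before any outbound traffic
    mapped = pat.outbound("192.168.1.10", 51515)   # inside host opens a flow
    reply = pat.inbound(mapped[1])                 # return traffic now has state
    # Inbound v6 packet: external prefix maps straight to the inside prefix.
    v6 = prefix_translate("2001:db8:1::10", "2001:db8:1::/48", "fd00:aaaa:bbbb::/48")
    return unsolicited, mapped, reply, v6
```

The v6 lookup succeeds with no prior outbound packet, so any inbound filtering has to come from a firewall policy rather than from the translator.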




