Anit-Virus help for all of us??????

Stephen J. Wilcox steve at
Mon Nov 24 21:50:48 UTC 2003

On Mon, 24 Nov 2003, Gerardo Gregory wrote:

> > # Machine behind NAT while it is being updated
> NAT is not a security feature, neither does it provide any real 
> security, just one to one translations.  PAT fall into the same 
> category.  Just cause your broadband router (ahem, switch) vendor states 
> that NAT (in reality PAT) as one of their security 'knobs' does not make 
> it in any way a security feature when implemented.  Only thing that 
> might benefit is IPv4 address space.
> Make a NAT Translation to a workstation (nothing else) and see if you 
> can still carryout some of the exploits making the rounds.

Nor does it stop the user inviting an exploit to run on their PC, eg web 
download, email attachment.. based on seeing plenty of virused/exploited 
machines at companies I've worked at which all had AV, FW, NAT etc they still 
had the human factor who would override a warning because they got sent what 
looks like a joke email with an attached .scr that later turns out to be a new 


More information about the NANOG mailing list