Important IPv6 Policy Issue -- Your Input Requested

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Tue Nov 9 21:15:41 UTC 2004


On Wed, 10 Nov 2004 03:14:51 EST, Jerry Eyers said:

> "Get a firewall" is not a valid response when you have lusers
> to drop the latest netgear whatever onto their PC and dial
> to some provider somewhere.  Your firewall is useless to
> protect that segment.  In many cases NAT is the ONLY
> protection you end up with in this scenario, a scenario that
> is far too common in the corporate world.

And NAT does what, exactly, to defend you against a PC that has
one interface on the NAT'ed network and one interface "elsewhere/elsewhen"
(be it a netgear, or somebody at the far end of a VPN, or a laptop
that was connected externally, and now is on the corporate LAN)?

There's a *reason* why Bill Cheswick said "A crunchy shell around
a soft, chewy inside"......



