Security gain from NAT (was: Re: Cool IPv6 Stuff)

Joe Abley jabley at ca.afilias.info
Mon Jun 4 18:47:06 UTC 2007


On 4-Jun-2007, at 14:32, Jim Shankland wrote:

> Shall I do the experiment again where I set up a Linux box
> at an RFC1918 address, behind a NAT device, publish the root
> password of the Linux box and its RFC1918 address, and invite
> all comers to prove me wrong by showing evidence that they've
> successfully logged into the Linux box?

Perhaps you should run a corresponding experiment whereby you set up  
a linux box with a globally-unique address, put it behind a firewall  
which blocks all incoming traffic to that box, and issue a similar  
invitation.

Do you think the results will be different?


Joe




More information about the NANOG mailing list