Security gain from NAT (was: Re: Cool IPv6 Stuff)

Jim Shankland nanog at
Mon Jun 4 20:41:05 UTC 2007

Valdis.Kletnieks at writes:
> Let's not forget all the NAT boxes out there that are *perfectly*
> willing to let a system make an *outbound* connection.  So the user
> makes a first outbound connection to visit a web page, gets exploited,
> and the exploit then phones home to download more malware.
> Yeah, that NAT *should* be providing security, but as you point out,
> there's that big gap between should and is... :)

I will happily (well ...) further concede that NAT does not provide
*absolute* security.  Let me be the first to mention that NAT provides
precisely zero protection against:  "Hey, kids, just download and
run this .EXE to see a cute cartoon of Santa dancing with a polar
bear" :-).


More information about the NANOG mailing list