Security gain from NAT (was: Re: Cool IPv6 Stuff)

Nicholas Suan nsuan at
Tue Jun 5 00:04:17 UTC 2007

On 6/4/07, David Schwartz <davids at> wrote:
> I can give you the root password to a Linux machine running telnetd and
> sshd. If it's behind NAT/PAT, you will not get into it. Period.

Just because it's behind NAT, does not mean it's unreahcable from the internet:

Fenrir:~% telnet
     [1028] 19:57:17
Connected to
Escape character is '^]'.
Last login: Sat Jun  2 14:26:58 2007 from on pts/0
Linux nira 2.6.18-1-486 #1 Sat Oct 21 16:34:06 UTC 2006 i686 GNU/Linux

You have mail.
Last was Mon 04 Jun 2007 06:57:37 PM CDT on pts/8.

nira:~$ /sbin/ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:20:78:03:F6:B0
          inet addr:  Bcast:  Mask:

And no, that's not misconfigured.

More information about the NANOG mailing list