Security gain from NAT

brett watson brett at the-watsons.org
Tue Jun 5 05:23:14 UTC 2007


On Jun 4, 2007, at 9:51 PM, Donald Stahl wrote:

> An SI firewall ruleset equivalent to PAT is a single rule on a
> CheckPoint firewall (as an example):
>
> Src: Internal - Dst: Any - Action: Allow
>
> Done.

Done indeed! Botnet operators *love* this policy. This type of policy  
is probably worse than any issue discussed in this thread so far.

-b




More information about the NANOG mailing list