Security gain from NAT

Nathan Ward nanog at daork.net
Wed Jun 6 05:36:55 UTC 2007


On 6/06/2007, at 2:53 PM, Roger Marquis wrote:

>
>> So now the cruft extends and embraces, and you have to play DNS
>> view games based on whether it's on company A's legacy net,
>> company B's legacy net, or the DMZ in between them, and start
>> poking around in the middle of DNS packets to tweak the replies
>> (which sort of guarantees you can't deploy DNSSEC).
>
> <IPv4 junk>

You clearly missed the start of this conversation, and my summaries  
in the last couple of days, about which I am not surprised.

We were discussing IPv6, the lack of NAT was brought up as being  
viewed as a blocker for security reasons, and solutions were  
presented so that it no longer is, assuming adequate education is  
provided.

--
Nathan Ward



More information about the NANOG mailing list