Security gain from NAT (was: Re: Cool IPv6 Stuff)
Joe Abley
jabley at ca.afilias.info
Mon Jun 4 18:47:06 UTC 2007
On 4-Jun-2007, at 14:32, Jim Shankland wrote:
> Shall I do the experiment again where I set up a Linux box
> at an RFC1918 address, behind a NAT device, publish the root
> password of the Linux box and its RFC1918 address, and invite
> all comers to prove me wrong by showing evidence that they've
> successfully logged into the Linux box?
Perhaps you should run a corresponding experiment whereby you set up
a linux box with a globally-unique address, put it behind a firewall
which blocks all incoming traffic to that box, and issue a similar
invitation.
Do you think the results will be different?
Joe
More information about the NANOG
mailing list