Security gain from NAT (was: Re: Cool IPv6 Stuff)

Dorn Hetzel dhetzel at gmail.com
Mon Jun 4 21:20:44 UTC 2007


Sure, NAT can't prevent users from running with scissors, but sometimes it
does block the scissors thrown at the back of their neck whilst they are
sleeping :)

On 6/4/07, Valdis.Kletnieks at vt.edu <Valdis.Kletnieks at vt.edu> wrote:
>
> On Mon, 04 Jun 2007 12:20:38 PDT, Jim Shankland said:
>
> > I can't pass over Valdis's statement that a "good properly configured
> > stateful firewall should be doing [this] already" without noting
> > that on today's Internet, the gap between "should" and "is" is
> > often large.
>
> Let's not forget all the NAT boxes out there that are *perfectly* willing
> to let a system make an *outbound* connection.  So the user makes a first
> outbound connection to visit a web page, gets exploited, and the exploit
> then phones home to download more malware.
>
> Yeah, that NAT *should* be providing security, but as you point out, there's
> that big gap between should and is... :)
>
>