Security gain from NAT (was: Re: Cool IPv6 Stuff)
Matthew Palmer
mpalmer at hezmatt.org
Mon Jun 4 23:51:08 UTC 2007
On Mon, Jun 04, 2007 at 03:31:00PM -0500, Larry Smith wrote:
>
> On Monday 04 June 2007 13:54, Valdis.Kletnieks at vt.edu wrote:
> > On Mon, 04 Jun 2007 11:32:39 PDT, Jim Shankland said:
> > > *No* security gain? No protection against port scans from Bucharest?
> > > No protection for a machine that is used in practice only on the
> > > local, office LAN? Or to access a single, corporate Web site?
> >
> > Nope. Zip. Zero. Ziltch. Nothing over and above what a good properly
> > configured stateful *non*-NAT firewall should be doing for you already.
>
> Cool, then I need four of these firewalls, and two Class-C (512) worth of IP
> space that works behind my current ISP at no more than $39.95 each (my basic
> price for a Dlink, Netgear, etc cable/dsl router with NAT) with no additional
> cost to my monthly internet - and I will start switching over networks...
>
> Yes, I am joking, but the point being that _currently_ NAT serves a purpose;
Yes, it does -- conservation of address space (and routing table entries,
possibly). However, a quick glance at the subject line and the material you
quoted should suggest that we're talking about a different topic.
- Matt
--
I was punching a text message into my phone yesterday and thought, "they need
to make a phone that you can just talk into."
-- Major Thomb
More information about the NANOG
mailing list