Arguing against using public IP space
Doug Barton
dougb at dougbarton.us
Sun Nov 13 21:48:32 UTC 2011
On 11/13/2011 13:27, Phil Regnauld wrote:
> That's not exactly correct. NAT doesn't imply firewalling/filtering.
> To illustrate this to customers, I've mounted attacks/scans on
> hosts behind NAT devices, from the interconnect network immediately
> outside: if you can point a route with the ext ip of the NAT device
> as the next hop, it usually just forwards the packets...
Have you written this up anywhere? It would be absolutely awesome to be
able to point the "NAT IS A SECURITY FEATURE!!!" crowd to an actual
demonstration of why it isn't.
Doug
--
"We could put the whole Internet into a book."
"Too practical."
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
More information about the NANOG
mailing list